All the vulnerabilites related to Microsoft - .NET Framework
var-201903-1467
Vulnerability from variot

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. plural Microsoft The product includes URL There is a vulnerability related to input validation due to incomplete analysis method. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019 Advisory ID: RHSA-2019:0349-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0349 Issue date: 2019-02-14 CVE Names: CVE-2019-0657 ==================================================================== 1. Summary:

Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and 2.2.2.

Security Fix(es):

  • .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream doc in the References section.

  1. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0657 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em SeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU AvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+ 27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN cFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu SJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK eI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH JiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z oca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ /DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F +edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX 1Uwk7uAgds0=IIGV -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1467",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "6.2"
      },
      {
        "model": "visual studio 2017",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "15.9"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "visual studio 2017",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2017"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2017 version 15.9"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201715.9"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20170"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0657"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:visual_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jonathan Birch of Microsoft Corporation,Red Hat",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0657",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-0657",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2019-0657",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0657",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0657",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-374",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0657"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability exists in certain .Net Framework API\u0027s and Visual Studio in the way they parse URL\u0027s, aka \u0027.NET Framework and Visual Studio Spoofing Vulnerability\u0027. plural Microsoft The product includes URL There is a vulnerability related to input validation due to incomplete analysis method. \nAn attacker can exploit this issue to conduct  spoofing attacks and perform unauthorized actions; other attacks are  also possible. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019\nAdvisory ID:       RHSA-2019:0349-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0349\nIssue date:        2019-02-14\nCVE Names:         CVE-2019-0657\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and\n2.2.2. \n\nSecurity Fix(es):\n\n* .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0657\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em\nSeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU\nAvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+\n27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN\ncFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu\nSJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK\neI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH\nJiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z\noca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ\n/DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F\n+edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX\n1Uwk7uAgds0=IIGV\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "db": "BID",
        "id": "106890"
      },
      {
        "db": "PACKETSTORM",
        "id": "151684"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0657",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "106890",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "151684",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0476",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "db": "PACKETSTORM",
        "id": "151684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0657"
      }
    ]
  },
  "id": "VAR-201903-1467",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T23:01:51.783000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0657 | .NET Framework and Visual Studio Spoofing Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657"
      },
      {
        "title": "CVE-2019-0657 | .NET Framework \u3068 Visual Studio \u306e\u306a\u308a\u3059\u307e\u3057\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2019-0657"
      },
      {
        "title": "Microsoft .NET Framework  and Visual Studio Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89188"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0657"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0657"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/106890"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0657"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:0349"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0657"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190213-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190006.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-february-2019-28512"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-february-2019-28485"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75638"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/151684/red-hat-security-advisory-2019-0349-01.html"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/powershell/announcements/issues/14"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0657"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "db": "PACKETSTORM",
        "id": "151684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0657"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "106890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "db": "PACKETSTORM",
        "id": "151684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0657"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "106890"
      },
      {
        "date": "2019-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "date": "2019-02-14T14:59:07",
        "db": "PACKETSTORM",
        "id": "151684"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      },
      {
        "date": "2019-03-05T23:29:02.037000",
        "db": "NVD",
        "id": "CVE-2019-0657"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-21T05:00:00",
        "db": "BID",
        "id": "106890"
      },
      {
        "date": "2019-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      },
      {
        "date": "2019-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      },
      {
        "date": "2024-11-21T04:17:03.300000",
        "db": "NVD",
        "id": "CVE-2019-0657"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Microsoft Vulnerability related to input validation in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002326"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-374"
      }
    ],
    "trust": 0.6
  }
}

var-201905-0991
Vulnerability from variot

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. This vulnerability CVE-2019-0980 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition.

Bug Fix(es):

  • dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)

  • -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:

Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5.

Security Fix(es):

  • dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)

  • dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)

  • dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)

  • Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)

  • Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)

  • Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0991",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.6"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.1"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.6"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108245"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0820"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat,Microsoft",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0820",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0820",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0820",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-0820",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0820",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0820",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-419",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0820",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0820"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka \u0027.NET Framework and .NET Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. This vulnerability CVE-2019-0980 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID:       RHSA-2019:1236-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:1236\nIssue date:        2019-05-15\nCVE Names:         CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and\n2.2.5. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "db": "BID",
        "id": "108245"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0820"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0820",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "108245",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152999",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152953",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1839",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1740",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0820",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0820"
      },
      {
        "db": "BID",
        "id": "108245"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0820"
      }
    ]
  },
  "id": "VAR-201905-0991",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T21:59:52.513000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0820 | .NET Framework and .NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
      },
      {
        "title": "CVE-2019-0820 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0820"
      },
      {
        "title": "Microsoft .NET Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92588"
      },
      {
        "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191236 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
      },
      {
        "title": "snowflake-connector-net",
        "trust": 0.1,
        "url": "https://github.com/snowflakedb/snowflake-connector-net "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/TortugaResearch/Tortuga.Data.Snowflake "
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0820"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:1259"
      },
      {
        "trust": 2.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0820"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190023.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.securityfocus.com/bid/108245"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:1236"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/81042"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
      },
      {
        "trust": 0.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0981"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0820"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/snowflakedb/snowflake-connector-net"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108245"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0820"
      },
      {
        "db": "BID",
        "id": "108245"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0820"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0820"
      },
      {
        "db": "BID",
        "id": "108245"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0820"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0820"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108245"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "date": "2019-05-22T14:39:27",
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "date": "2019-05-16T23:05:23",
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      },
      {
        "date": "2019-05-16T19:29:00.880000",
        "db": "NVD",
        "id": "CVE-2019-0820"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0820"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108245"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      },
      {
        "date": "2021-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      },
      {
        "date": "2024-11-21T04:17:20.210000",
        "db": "NVD",
        "id": "CVE-2019-0820"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Framework and  .NET Core Vulnerable to denial of service operation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003848"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-419"
      }
    ],
    "trust": 0.6
  }
}

var-202005-0234
Vulnerability from variot

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: .NET Core on Red Hat Enterprise Linux 7 security update Advisory ID: RHSA-2020:2476-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2476 Issue date: 2020-06-10 CVE Names: CVE-2020-1108 ==================================================================== 1. Summary:

An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated version is .NET Core Runtime 2.1.19 and SDK 2.1.515.

Security Fix(es):

  • dotnet: Denial of service via untrusted input (CVE-2020-1108)

This is an additional update to comprehensively address CVE-2020-1108.

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-1108 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXuCqrtzjgjWX9erEAQgIPg/7Ba2cdZAbQ4uL6AsEoi4kN888lESbUKUM F3VebsFFw9mpaGJ+dp4O6Ihc9kKZdP6uFWq3VE5I5WPD2BcoZF/OoVfCY1FHmFy6 fWSZ0ii+Axg8Mqj4uqxlhlFujkxdeQSpfsY38rtPscLGBROEzPAZnUMH/RDXg9TD 3TdXT4SNVMQPloanzVRDPXEx4OLqgKn9ITpXLah/Jq6zsM37ZDbnM8vQ3o2nH11d 77N+M+RuGsamPfsbu8sEpgvdXkMtorUjO57PDWeWvxNiRYL/5at5TdcTePjWe5YK XANwzPRFtaEU87TFeTVbNrG3MdRl/Uk6FVbuJtNzFIxwi8+qIf1hnUpV0MZxZ1Rg o77fulouuHCSwV/j7/BN9I8Q7EJj/zm52PldVkbsR0JEr4kZMmlVxS9/VL/LroKS qFSAm8yykqI+g7b2EgBQCekIfuurbp1EPeyJ6WcVSb6kcH0xZrXE/t1u/qKIqICe Ozf/bnjDQ0ACpJTE8pAhs5NhrVXvLuz6qhu8kUHTkW6dRxqRCFhAOhnezsfeWG1K nfQOeNfny0SbIJlwh4nsWE3Zv2f/H8KYilfulHvA2SuIGg7mgE0wyPwDXCltyzEW JIlM5YyJrQOHLdjfFi8XRqcU1mFII/F9QoV6KqAoZfJ2LgjXLm9au8MNLWRkN7M1 XE8bQvAYQCc=mOEK -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0234",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "visual studio 2017",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "15.9"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": "visual studio 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.5"
      },
      {
        "model": "powershell",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": "visual studio 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net core",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1.4"
      },
      {
        "model": ".net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "visual studio 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.4"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": ".net",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": ".net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1.18"
      },
      {
        "model": ".net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": ".net framework",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1108"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158007"
      },
      {
        "db": "PACKETSTORM",
        "id": "158019"
      },
      {
        "db": "PACKETSTORM",
        "id": "158020"
      },
      {
        "db": "PACKETSTORM",
        "id": "157702"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "PACKETSTORM",
        "id": "158021"
      },
      {
        "db": "PACKETSTORM",
        "id": "157704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2020-1108",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-1108",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006114",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-1108",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006114",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-1108",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006114",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-570",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1108"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka \u0027.NET Core \u0026 .NET Framework Denial of Service Vulnerability\u0027. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: .NET Core on Red Hat Enterprise Linux 7 security update\nAdvisory ID:       RHSA-2020:2476-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:2476\nIssue date:        2020-06-10\nCVE Names:         CVE-2020-1108\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated version is .NET Core Runtime 2.1.19 and SDK 2.1.515. \n\nSecurity Fix(es):\n\n* dotnet: Denial of service via untrusted input (CVE-2020-1108)\n\nThis is an additional update to comprehensively address CVE-2020-1108. \n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1108\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuCqrtzjgjWX9erEAQgIPg/7Ba2cdZAbQ4uL6AsEoi4kN888lESbUKUM\nF3VebsFFw9mpaGJ+dp4O6Ihc9kKZdP6uFWq3VE5I5WPD2BcoZF/OoVfCY1FHmFy6\nfWSZ0ii+Axg8Mqj4uqxlhlFujkxdeQSpfsY38rtPscLGBROEzPAZnUMH/RDXg9TD\n3TdXT4SNVMQPloanzVRDPXEx4OLqgKn9ITpXLah/Jq6zsM37ZDbnM8vQ3o2nH11d\n77N+M+RuGsamPfsbu8sEpgvdXkMtorUjO57PDWeWvxNiRYL/5at5TdcTePjWe5YK\nXANwzPRFtaEU87TFeTVbNrG3MdRl/Uk6FVbuJtNzFIxwi8+qIf1hnUpV0MZxZ1Rg\no77fulouuHCSwV/j7/BN9I8Q7EJj/zm52PldVkbsR0JEr4kZMmlVxS9/VL/LroKS\nqFSAm8yykqI+g7b2EgBQCekIfuurbp1EPeyJ6WcVSb6kcH0xZrXE/t1u/qKIqICe\nOzf/bnjDQ0ACpJTE8pAhs5NhrVXvLuz6qhu8kUHTkW6dRxqRCFhAOhnezsfeWG1K\nnfQOeNfny0SbIJlwh4nsWE3Zv2f/H8KYilfulHvA2SuIGg7mgE0wyPwDXCltyzEW\nJIlM5YyJrQOHLdjfFi8XRqcU1mFII/F9QoV6KqAoZfJ2LgjXLm9au8MNLWRkN7M1\nXE8bQvAYQCc=mOEK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1108"
      },
      {
        "db": "PACKETSTORM",
        "id": "158007"
      },
      {
        "db": "PACKETSTORM",
        "id": "158019"
      },
      {
        "db": "PACKETSTORM",
        "id": "158020"
      },
      {
        "db": "PACKETSTORM",
        "id": "157702"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "PACKETSTORM",
        "id": "158021"
      },
      {
        "db": "PACKETSTORM",
        "id": "157704"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1108",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157794",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158021",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157704",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2021",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2010",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1814",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1691",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2061",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "46713",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1108",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158007",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158019",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158020",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157702",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157788",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "db": "PACKETSTORM",
        "id": "158007"
      },
      {
        "db": "PACKETSTORM",
        "id": "158019"
      },
      {
        "db": "PACKETSTORM",
        "id": "158020"
      },
      {
        "db": "PACKETSTORM",
        "id": "157702"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "PACKETSTORM",
        "id": "158021"
      },
      {
        "db": "PACKETSTORM",
        "id": "157704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1108"
      }
    ]
  },
  "id": "VAR-202005-0234",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-24T23:05:00.224000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2020-1108 | .NET Core \u0026 .NET Framework Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108"
      },
      {
        "title": "CVE-2020-1108 | .NET Core \u304a\u3088\u3073 .NET Framework \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-1108"
      },
      {
        "title": "Microsoft .NET Core  and .NET Framework Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118696"
      },
      {
        "title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202146 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: .NET Core security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202143 - Security Advisory"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1108"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1108"
      },
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1108"
      },
      {
        "trust": 0.8,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-1108"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2061/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1691/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46713"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157794/red-hat-security-advisory-2020-2250-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158021/red-hat-security-advisory-2020-2475-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1814/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2010/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2021/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-may-2020-32249"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157704/red-hat-security-advisory-2020-2146-01.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:2146"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1161"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1161"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181094"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2476"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2471"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2143"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2249"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2475"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "db": "PACKETSTORM",
        "id": "158007"
      },
      {
        "db": "PACKETSTORM",
        "id": "158019"
      },
      {
        "db": "PACKETSTORM",
        "id": "158020"
      },
      {
        "db": "PACKETSTORM",
        "id": "157702"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "PACKETSTORM",
        "id": "158021"
      },
      {
        "db": "PACKETSTORM",
        "id": "157704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1108"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "db": "PACKETSTORM",
        "id": "158007"
      },
      {
        "db": "PACKETSTORM",
        "id": "158019"
      },
      {
        "db": "PACKETSTORM",
        "id": "158020"
      },
      {
        "db": "PACKETSTORM",
        "id": "157702"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "PACKETSTORM",
        "id": "158021"
      },
      {
        "db": "PACKETSTORM",
        "id": "157704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1108"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1108"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "date": "2020-06-10T15:06:32",
        "db": "PACKETSTORM",
        "id": "158007"
      },
      {
        "date": "2020-06-10T15:11:03",
        "db": "PACKETSTORM",
        "id": "158019"
      },
      {
        "date": "2020-06-10T15:11:11",
        "db": "PACKETSTORM",
        "id": "158020"
      },
      {
        "date": "2020-05-14T20:53:30",
        "db": "PACKETSTORM",
        "id": "157702"
      },
      {
        "date": "2020-05-21T16:41:39",
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "date": "2020-05-21T16:34:50",
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "date": "2020-06-10T15:11:23",
        "db": "PACKETSTORM",
        "id": "158021"
      },
      {
        "date": "2020-05-14T20:53:58",
        "db": "PACKETSTORM",
        "id": "157704"
      },
      {
        "date": "2020-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      },
      {
        "date": "2020-05-21T23:15:14.867000",
        "db": "NVD",
        "id": "CVE-2020-1108"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1108"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      },
      {
        "date": "2024-11-21T05:09:45.787000",
        "db": "NVD",
        "id": "CVE-2020-1108"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Core and  .NET Framework Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006114"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-570"
      }
    ],
    "trust": 0.6
  }
}

var-201801-1150
Vulnerability from variot

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


Title: Microsoft Security Update Releases Issued: January 25, 2018


Summary

The following CVEs have undergone a major revision increment:

  • CVE-2018-0764

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0764
  • Version: 3.0
  • Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0764. See https://github.com/PowerShell/Announcements /issues/2 for more information.
  • Originally posted: January 9, 2018
  • Updated: January 25, 2018
  • Aggregate CVE Severity Rating: Important

  • CVE-2018-0786

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0786
  • Version: 3.0
  • Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0786. See https://github.com/PowerShell/Announcements /issues/3 for more information.
  • Originally posted: January 9, 2018
  • Updated: January 25, 2018
  • Aggregate CVE Severity Rating: Important

Other Information

Recognize and avoid fraudulent email to Microsoft customers:

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.


THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.


Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.

If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.

These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.

For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0379-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0379 Issue date: 2018-03-01 CVE Names: CVE-2018-0764 =====================================================================

  1. Summary:

An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and includes a CLR implementation.

  2. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-0764 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/52

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D hhk5BDNc5IZlJ+doPAaUxt4= =Pz4Z -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1150",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "windows server r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "model": "windows server r2 for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for itanium-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for 32-bit systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2016"
      },
      {
        "model": "windows rt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "windows for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows for 32-bit systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "102387"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0764",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-0764",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-0764",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0764",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0764",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-407",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: January 25, 2018\n********************************************************************\n\nSummary\n======= \n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0764\n  \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n   advisory/CVE-2018-0764\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to \n   include PowerShell Core 6.0.0 because it is affected by \n   CVE-2018-0764. See https://github.com/PowerShell/Announcements\n   /issues/2 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n* CVE-2018-0786\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n   advisory/CVE-2018-0786\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to\n   include PowerShell Core 6.0.0 because it is affected by \n   CVE-2018-0786. See https://github.com/PowerShell/Announcements\n   /issues/3 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2018:0379-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:0379\nIssue date:        2018-03-01\nCVE Names:         CVE-2018-0764 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0764\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/52\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D\nhhk5BDNc5IZlJ+doPAaUxt4=\n=Pz4Z\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "db": "PACKETSTORM",
        "id": "146617"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0764",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "102387",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040152",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "146116",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146617",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "db": "PACKETSTORM",
        "id": "146617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "id": "VAR-201801-1150",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T21:39:52.717000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0764 | .NET and .NET Core Denial Of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
      },
      {
        "title": "CVE-2018-0764 | .NET \u304a\u3088\u3073 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0764"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-19",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/102387"
      },
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0764"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:0379"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1040152"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0764"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0764"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180002.html"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/powershell/announcements/issues/2"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://github.com/powershell/announcements"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/security/dn753714\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/announcements/issues/52"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "db": "PACKETSTORM",
        "id": "146617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "db": "PACKETSTORM",
        "id": "146617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102387"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "date": "2018-01-26T13:13:13",
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "date": "2018-03-01T23:24:00",
        "db": "PACKETSTORM",
        "id": "146617"
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      },
      {
        "date": "2018-01-10T01:29:00.197000",
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-29T08:00:00",
        "db": "BID",
        "id": "102387"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      },
      {
        "date": "2024-11-21T03:38:54.277000",
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework and  .NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ],
    "trust": 0.6
  }
}

var-202212-1469
Vulnerability from variot

.NET Framework Remote Code Execution Vulnerability. Microsoft .NET Framework是美国微软(Microsoft)公司的一种全面且一致的编程模型,也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。该平台包括C#和Visual Basic编程语言、公共语言运行库和广泛的类库

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1469",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.8.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.0"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019   16.11 (includes 16.0 - 16.10)"
      },
      {
        "model": ".net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": ".net",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.4"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.2"
      },
      {
        "model": "microsoft .net framework",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-41089"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nick Landers\u003c/a\u003e with NetSPI,Eleftherios Panos\u003c/a\u003e with Nettitude\u003c/a\u003e",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-41089",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-41089",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-002812",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-41089",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2022-41089",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-002812",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202212-2976",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-41089"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-41089"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Framework Remote Code Execution Vulnerability. Microsoft .NET Framework\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u79cd\u5168\u9762\u4e14\u4e00\u81f4\u7684\u7f16\u7a0b\u6a21\u578b\uff0c\u4e5f\u662f\u4e00\u4e2a\u7528\u4e8e\u6784\u5efaWindows\u3001Windows Store\u3001Windows Phone\u3001Windows Server\u548cMicrosoft Azure\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ecC\uff03\u548cVisual Basic\u7f16\u7a0b\u8bed\u8a00\u3001\u516c\u5171\u8bed\u8a00\u8fd0\u884c\u5e93\u548c\u5e7f\u6cdb\u7684\u7c7b\u5e93",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-41089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-41089",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-41089"
      }
    ]
  },
  "id": "VAR-202212-1469",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-08-14T13:42:13.989000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": ".NET\u00a0Framework\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41089"
      },
      {
        "title": "Microsoft .NET Framework Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=217209"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-41089"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-41089"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41089"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20221214-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2022/at220034.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-visual-studio-code-execution-40100"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-41089/"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-41089"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-41089"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-41089"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "date": "2022-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      },
      {
        "date": "2022-12-13T19:15:12.090000",
        "db": "NVD",
        "id": "CVE-2022-41089"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-20T07:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      },
      {
        "date": "2022-12-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      },
      {
        "date": "2023-11-17T17:39:58.597000",
        "db": "NVD",
        "id": "CVE-2022-41089"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Microsoft\u00a0 Remote code execution vulnerability in product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002812"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2976"
      }
    ],
    "trust": 0.6
  }
}

var-201801-1128
Vulnerability from variot

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability.". An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1128",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20160"
      },
      {
        "model": "windows server r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "model": "windows server r2 for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server r2 for itanium-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server r2 datacenter sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for x64-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for itanium-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for 32-bit systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows rt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "windows for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows for 32-bit systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102380"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0786"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "102380"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0786",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-0786",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-0786",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0786",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0786",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-404",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0786"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\". \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "db": "BID",
        "id": "102380"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0786",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "102380",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040152",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102380"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0786"
      }
    ]
  },
  "id": "VAR-201801-1128",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T21:39:52.687000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0786 | .NET Security Feature Bypass Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
      },
      {
        "title": "CVE-2018-0786 | .NET \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0786"
      },
      {
        "title": "Microsoft .NET Framework  and .NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77659"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-254",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0786"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/102380"
      },
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0786"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1040152"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0786"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180002.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0786"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102380"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0786"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "102380"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0786"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102380"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      },
      {
        "date": "2018-01-10T01:29:00.320000",
        "db": "NVD",
        "id": "CVE-2018-0786"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102380"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      },
      {
        "date": "2024-11-21T03:38:56.790000",
        "db": "NVD",
        "id": "CVE-2018-0786"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework and  .NET Core Vulnerabilities that bypass security functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001239"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-404"
      }
    ],
    "trust": 0.6
  }
}

var-201202-0054
Vulnerability from variot

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability.". Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. The platform includes the C# and Visual Basic programming languages, the common language runtime, and an extensive class library. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for February 2012 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities.

II.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

IV. References


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA12-045A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA12-045A Feedback VU#752838" in the subject.


For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


Produced 2012 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

February 14, 2012: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTzqp2T/GkGVXE7GMAQKh6wgAg9gjZ3sCu3eepRZEyFy4PkGhC4A1jzgw 2soH7tPOimgpzlLVbkJ7/RQYylCYixzEa9PbL9v/RzXh/TVVeXrPU97SqmLOAXr7 gtgcapZBGSHBmqYF5BWRnXVRVOQv+JpmdA5AJHO89qQl4okr9VVTCTnQkrAFyzfP 40uf/Nr0DrTRI9dmEjsLTzvOhh0G2HKnBmbpybGaOqoQao67ih/HEOkp6bsCUBwK joX4C3nK9EdMPNK8YAzrHNbM0ANR5DfieGXBsCwNi6/3zZvGB+PKhAu6bikbQrXW iRpyS3IirvDB59KNlmQp3jdaodNHSLOg5JuF7kOdQ1m8qa+DjwSvJQ== =E3Fg -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0054",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.50524.00"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.51204.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.1.10111"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.603310.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.50917.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.60129.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.50826.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.60531.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.60310.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.60831.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4"
      },
      {
        "model": "silverlight",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4.1.10111   4"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x32) sp1 before"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp1 before"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(itanium) sp2"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(itanium) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x86) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(itanium) sp1 before"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(x64) sp1 before"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp2"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp3 sp3"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4"
      },
      {
        "model": "meeting exchange webportal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange web conferencing server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange streaming server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange recording server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange client registration server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "communication server telephony manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10004.0"
      },
      {
        "model": "communication server telephony manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10003.0"
      },
      {
        "model": "callpilot",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "callpilot",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:silverlight",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_7",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2008",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_vista",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jeroen Frijters of Sumatra",
    "sources": [
      {
        "db": "BID",
        "id": "51938"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0014",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2012-0014",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-53295",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-0014",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-0014",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-274",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53295",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Unmanaged Objects Vulnerability.\". Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. \nSuccessful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. The platform includes the C# and Visual Basic programming languages, the common language runtime, and an extensive class library. Microsoft has released updates to\n   address these vulnerabilities. \n\n\nI. Description\n\n   The Microsoft Security Bulletin Summary for February 2012 describes\n   multiple vulnerabilities in Microsoft Windows. Microsoft has\n   released updates to address the vulnerabilities. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for February 2012, which\n   describes any known issues related to the updates. Administrators\n   are encouraged to note these issues and test for any potentially\n   adverse effects. In addition, administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). Home users are encouraged to enable\n   automatic updates. \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for February 2012 -\n   \u003chttps://technet.microsoft.com/en-us/security/bulletin/ms12-feb\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n * Microsoft Update - \u003chttps://www.update.microsoft.com/\u003e\n\n * Microsoft Update Overview -\n   \u003chttp://www.microsoft.com/security/updates/mu.aspx\u003e\n\n * Turn Automatic Updating On or Off -\n   \u003chttp://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA12-045A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA12-045A Feedback VU#752838\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2012 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n  February 14, 2012: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTzqp2T/GkGVXE7GMAQKh6wgAg9gjZ3sCu3eepRZEyFy4PkGhC4A1jzgw\n2soH7tPOimgpzlLVbkJ7/RQYylCYixzEa9PbL9v/RzXh/TVVeXrPU97SqmLOAXr7\ngtgcapZBGSHBmqYF5BWRnXVRVOQv+JpmdA5AJHO89qQl4okr9VVTCTnQkrAFyzfP\n40uf/Nr0DrTRI9dmEjsLTzvOhh0G2HKnBmbpybGaOqoQao67ih/HEOkp6bsCUBwK\njoX4C3nK9EdMPNK8YAzrHNbM0ANR5DfieGXBsCwNi6/3zZvGB+PKhAu6bikbQrXW\niRpyS3IirvDB59KNlmQp3jdaodNHSLOg5JuF7kOdQ1m8qa+DjwSvJQ==\n=E3Fg\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "PACKETSTORM",
        "id": "109763"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0014",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA12-045A",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "51938",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-53295",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109763",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "PACKETSTORM",
        "id": "109763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "id": "VAR-201202-0054",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:47:29.046000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS12-016",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-016"
      },
      {
        "title": "MS12-016",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-016"
      },
      {
        "title": "TA12-045A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-045a.html"
      },
      {
        "title": "Windows6.0-KB2633874-ia64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42658"
      },
      {
        "title": "Windows6.1-KB2633879-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42662"
      },
      {
        "title": "Windows6.1-KB2633873-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42666"
      },
      {
        "title": "NDP20SP2-KB2633880-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42654"
      },
      {
        "title": "NDP40-KB2633870-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42657"
      },
      {
        "title": "Windows6.1-KB2633879-ia64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42661"
      },
      {
        "title": "Windows6.1-KB2633873-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42665"
      },
      {
        "title": "NDP20SP2-KB2633880-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42653"
      },
      {
        "title": "Windows6.0-KB2633874-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42660"
      },
      {
        "title": "Windows6.1-KB2633873-ia64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42664"
      },
      {
        "title": "NDP20SP2-KB2633880-IA64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42652"
      },
      {
        "title": "NDP40-KB2633870-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42656"
      },
      {
        "title": "Windows6.0-KB2633874-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42659"
      },
      {
        "title": "Windows6.1-KB2633879-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42663"
      },
      {
        "title": "NDP40-KB2633870-IA64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42655"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta12-045a.html"
      },
      {
        "trust": 1.7,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13972"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0014"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2012/at120005.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta12-045a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0014"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/silverlight/"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156771"
      },
      {
        "trust": 0.3,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-016"
      },
      {
        "trust": 0.1,
        "url": "http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.update.microsoft.com/\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/en-us/security/bulletin/ms12-feb\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/security/updates/mu.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta12-045a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "PACKETSTORM",
        "id": "109763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "PACKETSTORM",
        "id": "109763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "date": "2012-02-14T00:00:00",
        "db": "BID",
        "id": "51938"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "date": "2012-02-15T00:07:50",
        "db": "PACKETSTORM",
        "id": "109763"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      },
      {
        "date": "2012-02-14T22:55:01.173000",
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "date": "2012-02-15T17:40:00",
        "db": "BID",
        "id": "51938"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "date": "2020-09-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      },
      {
        "date": "2024-11-21T01:34:11.747000",
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework and  Silverlight Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ],
    "trust": 0.6
  }
}

var-201901-1456
Vulnerability from variot

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. plural Microsoft There is a vulnerability in the product that exposes information. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2019:0040-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0040 Issue date: 2019-01-09 CVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 =====================================================================

  1. Summary:

Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1.

Security Fix(es):

  • .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)

  • .NET Core: ANCM WebSocket DOS (CVE-2019-0548)

  • .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream docs in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0545 https://access.redhat.com/security/cve/CVE-2019-0548 https://access.redhat.com/security/cve/CVE-2019-0564 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX 1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq DN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI DgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR ZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R tgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43 +Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV kLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3 L7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR +GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P Atkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc eGIiHj6xieM= =m5dC -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1456",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "106405"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-0545",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0545",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0545",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0545",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0545",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-175",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0545",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka \".NET Framework Information Disclosure Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. plural Microsoft There is a vulnerability in the product that exposes information. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2019:0040-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0040\nIssue date:        2019-01-09\nCVE Names:         CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 2.1.5 and 2.2.1. \n\nSecurity Fix(es):\n\n* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final\nresponse leads to info disclosure (CVE-2019-0545)\n\n* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)\n\n* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and\nASP.NET) (CVE-2019-0564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure\n1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)\n1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0545\nhttps://access.redhat.com/security/cve/CVE-2019-0548\nhttps://access.redhat.com/security/cve/CVE-2019-0564\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX\n1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq\nDN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI\nDgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR\nZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R\ntgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43\n+Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV\nkLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3\nL7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR\n+GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P\nAtkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc\neGIiHj6xieM=\n=m5dC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0545",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "106405",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0545",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151061",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "id": "VAR-201901-1456",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:00:08.612000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0545 | .NET Framework Information Disclosure Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0545"
      },
      {
        "title": "CVE-2019-0545 | .NET Framework \u306e\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0545"
      },
      {
        "title": "Microsoft .NET Framework  and .NET Core Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88362"
      },
      {
        "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190040 - Security Advisory"
      },
      {
        "title": "Red Hat: CVE-2019-0545",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-0545"
      },
      {
        "title": "Description\nContent\nInstall\nUsage\nAutomation\nExamples",
        "trust": 0.1,
        "url": "https://github.com/eeenvik1/scripts_for_YouTrack "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/106405"
      },
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0545"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:0040"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0545"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0545"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190109-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0564"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0545"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0564"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0564"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "BID",
        "id": "106405"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "date": "2019-01-09T15:05:39",
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "date": "2019-01-08T21:29:00.580000",
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "BID",
        "id": "106405"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "date": "2022-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "date": "2024-11-21T04:16:49.683000",
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Microsoft Information disclosure vulnerability in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      }
    ],
    "trust": 0.6
  }
}

var-201805-0649
Vulnerability from variot

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Successful exploits will attackers to cause a denial of service condition

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0649",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "104060"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0765",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-0765",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-0765",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0765",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0765",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-309",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka \".NET and .NET Core Denial of Service Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. \nSuccessful exploits will attackers to cause a denial of service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "BID",
        "id": "104060"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0765",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "104060",
        "trust": 1.3
      },
      {
        "db": "SECTRACK",
        "id": "1040851",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "39696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "id": "VAR-201805-0649",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T21:38:57.431000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0765 | .NET and .NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765"
      },
      {
        "title": "CVE-2018-0765 | .NET \u304a\u3088\u3073 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0765"
      },
      {
        "title": "Microsoft .NET Framework  and .NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79987"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0765"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/104060"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1040851"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0765"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180509-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180021.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0765"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/39696"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "104060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-08T00:00:00",
        "db": "BID",
        "id": "104060"
      },
      {
        "date": "2018-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "date": "2018-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "date": "2018-05-09T19:29:00.323000",
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-08T00:00:00",
        "db": "BID",
        "id": "104060"
      },
      {
        "date": "2018-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "date": "2018-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "date": "2024-11-21T03:38:54.410000",
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework and  .NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      }
    ],
    "trust": 0.6
  }
}

var-202001-0125
Vulnerability from variot

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0125",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0606"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      }
    ]
  },
  "cve": "CVE-2020-0606",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-0606",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-0606",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-0606",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-0606",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-0606",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-469",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-0606",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-0606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0606"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0605",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-0606"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0606",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-469",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-0606",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-0606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0606"
      }
    ]
  },
  "id": "VAR-202001-0125",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:44:45.669000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2020-0606 | .NET Framework Remote Code Execution Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606"
      },
      {
        "title": "CVE-2020-0606 | .NET Framework \u306e\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0606"
      },
      {
        "title": "Microsoft .NET Repair measures for software security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108467"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2020/01/14/patch_tuesday_january_2020/"
      },
      {
        "title": "ZYXEl-CTF-WriteUp",
        "trust": 0.1,
        "url": "https://github.com/HeiTang/ZYXEl-CTF-WriteUp "
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2020"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-0606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0606"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0606"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0606"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200001.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-framework-vulnerabilities-of-january-31325"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-0606"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111384"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-0606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0606"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-0606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0606"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-0606"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "date": "2020-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      },
      {
        "date": "2020-01-14T23:15:30.487000",
        "db": "NVD",
        "id": "CVE-2020-0606"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-0606"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      },
      {
        "date": "2021-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      },
      {
        "date": "2024-11-21T04:53:50.720000",
        "db": "NVD",
        "id": "CVE-2020-0606"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Framework and  .NET Core Vulnerable to remote code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001106"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-469"
      }
    ],
    "trust": 0.6
  }
}

var-201008-0131
Vulnerability from variot

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Mac OS X is an operating system used on Mac machines, based on the BSD system. ----------------------------------------------------------------------

"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."

Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:

http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf


TITLE: Microsoft Windows Shell Shortcut Parsing Vulnerability

SECUNIA ADVISORY ID: SA40647

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40647/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40647

RELEASE DATE: 2010-07-17

DISCUSS ADVISORY: http://secunia.com/advisories/40647/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/40647/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=40647

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk) as certain parameters are not properly validated when attempting to load the icon. This can be exploited to automatically execute a program via a specially crafted shortcut.

Successful exploitation requires that a user is e.g. tricked into inserting a removable media (when AutoPlay is enabled) or browse to the root folder of the removable media (when AutoPlay is disabled) using Windows Explorer or a similar file manager. Exploitation may also be possible via network shares and WebDAV shares.

NOTE: This is currently being actively exploited in the wild via infected USB drives.

SOLUTION: The vendor recommends disabling the displaying of icons for shortcuts (please see the Microsoft security advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.

ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/2286198.mspx

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


.

I. Microsoft has released updates to address the vulnerabilities.

One of the bulletins released, MS10-046, addresses a previously identified vulnerability in the Windows Shell that is actively being exploited. This vulnerability was also described in US-CERT Vulnerability Note VU#940193.

II.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for August 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA10-222A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA10-222A Feedback VU#505527" in the subject.


For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


Produced 2010 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

August 10, 2010: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9 5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+ vgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP 6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8 at64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd ILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ== =TqKf -----END PGP SIGNATURE----- .

1) An error in the way Silverlight handles pointers can be exploited to corrupt memory by tricking a user into visiting a web site containing specially crafted Silverlight content.

SOLUTION: Apply patches. 2) The vendor credits Eamon Nerbonne

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0131",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40818.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40624.00"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.0.40115.00"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40723.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.0.31005.00"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": "silverlight",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0.50106.0"
      },
      {
        "model": "silverlight",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0.40818.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "3.0.50106.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:silverlight",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Eamon Nerbonne",
    "sources": [
      {
        "db": "BID",
        "id": "42295"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-1898",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-1898",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-44503",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-1898",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#940193",
            "trust": 0.8,
            "value": "72.90"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-1898",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-105",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-44503",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. \nSuccessful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Mac OS X is an operating system used on Mac machines, based on the BSD system. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft Windows Shell Shortcut Parsing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40647\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40647/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647\n\nRELEASE DATE:\n2010-07-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40647/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40647/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Windows, which can be exploited\nby malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in Windows Shell when\nparsing shortcuts (.lnk) as certain parameters are not properly\nvalidated when attempting to load the icon. This can be exploited to\nautomatically execute a program via a specially crafted shortcut. \n\nSuccessful exploitation requires that a user is e.g. tricked into\ninserting a removable media (when AutoPlay is enabled) or browse to\nthe root folder of the removable media (when AutoPlay is disabled)\nusing Windows Explorer or a similar file manager. Exploitation may\nalso be possible via network shares and WebDAV shares. \n\nNOTE: This is currently being actively exploited in the wild via\ninfected USB drives. \n\nSOLUTION:\nThe vendor recommends disabling the displaying of icons for shortcuts\n(please see the Microsoft security advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/2286198.mspx\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n\nI. Microsoft has released updates to address the\n   vulnerabilities. \n\n   One of the bulletins released, MS10-046, addresses a previously\n   identified vulnerability in the Windows Shell that is actively\n   being exploited.  This vulnerability was also described in US-CERT\n   Vulnerability Note VU#940193. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for August 2010. The security\n   bulletin describes any known issues related to the updates. \n   Administrators are encouraged to note these issues and test for any\n   potentially adverse effects. Administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for August 2010 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx\u003e\n\n * Microsoft Security Bulletin MS10-046 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/MS10-046.mspx\u003e\n\n * US-CERT Vulnerability Note VU#940193 -\n   \u003chttp://www.kb.cert.org/vuls/id/940193\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA10-222A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA10-222A Feedback VU#505527\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2010 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n  August 10, 2010: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9\n5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+\nvgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP\n6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8\nat64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd\nILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ==\n=TqKf\n-----END PGP SIGNATURE-----\n. \n\n1) An error in the way Silverlight handles pointers can be exploited\nto corrupt memory by tricking a user into visiting a web site\ncontaining specially crafted Silverlight content. \n\nSOLUTION:\nApply patches. \n2) The vendor credits Eamon Nerbonne",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-1898",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA10-222A",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "42295",
        "trust": 1.2
      },
      {
        "db": "NSFOCUS",
        "id": "15600",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "40647",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#940193",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "40872",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "41732",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA10-222A",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2057",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105",
        "trust": 0.7
      },
      {
        "db": "MS",
        "id": "MS10-060",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "91929",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92657",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92586",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "id": "VAR-201008-0131",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:02:11.213000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS10-060",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS10-060.mspx"
      },
      {
        "title": "MS10-060",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms10-060.mspx"
      },
      {
        "title": "MS10-060e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/MS10-060e.mspx"
      },
      {
        "title": "TA10-222A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39800"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39804"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39808"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39812"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39816"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39820"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39824"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39828"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39832"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39836"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39840"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39792"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39796"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39845"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39849"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39853"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39857"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39861"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39865"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39869"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39873"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39877"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39799"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39803"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39807"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39811"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39815"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39819"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39823"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39827"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39831"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39835"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39839"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39795"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39844"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39848"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39852"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39856"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39860"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39864"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39868"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39872"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39876"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39802"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39806"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39810"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39814"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39818"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39822"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39826"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39830"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39834"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39838"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39842"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39794"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39798"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39843"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39847"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39851"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39855"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39846"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39850"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39854"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39858"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39862"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39866"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39870"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39874"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39878"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39829"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39833"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39837"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39841"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39793"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39797"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39801"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39805"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39809"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39813"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39817"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39821"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39825"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39891"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39883"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39887"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39882"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39886"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39890"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39893"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39885"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39889"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39892"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39884"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39888"
      },
      {
        "title": "Silverlight 4 (4.0.50524.0)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39879"
      },
      {
        "title": "Silverlight 4 (4.0.50524.0)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39881"
      },
      {
        "title": "Silverlight 4 (4.0.50524.0)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39880"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39859"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39863"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39867"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39871"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39875"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12033"
      },
      {
        "trust": 1.0,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-060.mspx"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/40647/"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/2286198"
      },
      {
        "trust": 0.8,
        "url": "http://isc.sans.edu/diary.html?storyid=9190"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/41732"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/967715"
      },
      {
        "trust": 0.8,
        "url": "http://www.anti-virus.by/en/tempo.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/00001986.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/00001987.html"
      },
      {
        "trust": 0.8,
        "url": "http://support.automation.siemens.com/ww/view/en/43876783"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1898"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2010/at100020.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta10-222a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1898"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/40872"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/42295"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa10-222a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/2057"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.6,
        "url": "http://www.nipc.org.cn/showvul.aspx?id=nipc-2010-2992"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/15600"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40647/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/940193\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://twitter.com/secunia"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40872/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40872"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40872/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-07-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "date": "2010-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "date": "2010-08-10T00:00:00",
        "db": "BID",
        "id": "42295"
      },
      {
        "date": "2010-09-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "date": "2010-07-18T11:49:03",
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "date": "2010-08-12T06:55:56",
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "date": "2010-08-10T09:26:56",
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "date": "2010-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      },
      {
        "date": "2010-08-11T18:47:50.250000",
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-09-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "date": "2010-09-29T21:10:00",
        "db": "BID",
        "id": "42295"
      },
      {
        "date": "2010-09-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "date": "2021-07-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      },
      {
        "date": "2024-11-21T01:15:25.230000",
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Windows automatically executes code specified in shortcut files",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ],
    "trust": 0.6
  }
}

var-202001-0124
Vulnerability from variot

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0124",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0605"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      }
    ]
  },
  "cve": "CVE-2020-0605",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-0605",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-0605",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-0605",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-0605",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-0605",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-474",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-474"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0605"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0606",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0605"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0605",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-474",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-474"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0605"
      }
    ]
  },
  "id": "VAR-202001-0124",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:58:27.329000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2020-0605 | .NET Framework Remote Code Execution Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
      },
      {
        "title": "CVE-2020-0605 | .NET Framework \u306e\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0605"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0605"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0605"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0605"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200001.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-framework-vulnerabilities-of-january-31325"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-0605"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-474"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0605"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-474"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0605"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      },
      {
        "date": "2020-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-474"
      },
      {
        "date": "2020-01-14T23:15:30.427000",
        "db": "NVD",
        "id": "CVE-2020-0605"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-474"
      },
      {
        "date": "2024-11-21T04:53:50.553000",
        "db": "NVD",
        "id": "CVE-2020-0605"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-474"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Framework and  .NET Core Vulnerable to remote code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001110"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-474"
      }
    ],
    "trust": 0.6
  }
}

var-201905-1230
Vulnerability from variot

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. This vulnerability CVE-2019-0820 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition.

Bug Fix(es):

  • dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)

  • -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:

Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

  • dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)

  • dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)

  • dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)

  • Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)

  • Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)

  • Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1230",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.2"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0980"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nemanja Mijailovic,Red Hat",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0980",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0980",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0980",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0980",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0980",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-367",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0980",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0980"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0980"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. This vulnerability CVE-2019-0820 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID:       RHSA-2019:1236-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:1236\nIssue date:        2019-05-15\nCVE Names:         CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0980"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "db": "BID",
        "id": "108232"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0980"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0980",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "108232",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152999",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152953",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1839",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1740",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0980",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0980"
      },
      {
        "db": "BID",
        "id": "108232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0980"
      }
    ]
  },
  "id": "VAR-201905-1230",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T21:59:52.650000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0980 | .Net Framework and .Net Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
      },
      {
        "title": "CVE-2019-0980 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0980"
      },
      {
        "title": "Microsoft .NET Framework  and .NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92518"
      },
      {
        "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191236 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
      },
      {
        "title": "sharpfuzz",
        "trust": 0.1,
        "url": "https://github.com/Metalnem/sharpfuzz "
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0980"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0980"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:1259"
      },
      {
        "trust": 2.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1236"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0980"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190023.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.securityfocus.com/bid/108232"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/81042"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
      },
      {
        "trust": 0.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0981"
      },
      {
        "trust": 0.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0820"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/metalnem/sharpfuzz"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0980"
      },
      {
        "db": "BID",
        "id": "108232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0980"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0980"
      },
      {
        "db": "BID",
        "id": "108232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0980"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0980"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108232"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "date": "2019-05-22T14:39:27",
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "date": "2019-05-16T23:05:23",
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      },
      {
        "date": "2019-05-16T19:29:04.957000",
        "db": "NVD",
        "id": "CVE-2019-0980"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0980"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108232"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      },
      {
        "date": "2019-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      },
      {
        "date": "2024-11-21T04:17:36.607000",
        "db": "NVD",
        "id": "CVE-2019-0980"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework and  .NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003824"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-367"
      }
    ],
    "trust": 0.6
  }
}

var-201807-1618
Vulnerability from variot

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


Title: Microsoft Security Update Releases Issued: July 19, 2018


Summary

The following CVEs have undergone a major revision increment:

  • CVE-2018-8202
  • CVE-2018-8260
  • CVE-2018-8284
  • CVE-2018-8356

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for all supported editions of Windows 10. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
  • Originally posted: July 10, 2018
  • Updated: July 19, 2018
  • Aggregate CVE Severity Rating: Important
  • Version: 2.0

The following CVEs have undergone a major revision increment:

  • CVE-2018-0949
  • CVE-2018-8242
  • CVE-2018-8287
  • CVE-2018-8288
  • CVE-2018-8291
  • CVE-2018-8296

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Note that the IE Cumulative updates are not affected. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
  • Originally posted: July 10, 2018
  • Updated: July 19, 2018
  • Aggregate CVE Severity Rating: Important
  • Version: 2.0

The following CVEs have undergone a major revision increment:

  • CVE-2018-8125 * CVE-2018-8279 * CVE-2018-8301
  • CVE-2018-8206 * CVE-2018-8280 * CVE-2018-8304
  • CVE-2018-8222 * CVE-2018-8282 * CVE-2018-8307
  • CVE-2018-8262 * CVE-2018-8286 * CVE-2018-8308
  • CVE-2018-8274 * CVE-2018-8289 * CVE-2018-8309
  • CVE-2018-8275 * CVE-2018-8290 * CVE-2018-8313
  • CVE-2018-8276 * CVE-2018-8294 * CVE-2018-8314
  • CVE-2018-8278 * CVE-2018-8297 * CVE-2018-8324 * CVE-2018-8325

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
  • Originally posted: July 10, 2018
  • Updated: July 19, 2018
  • Aggregate CVE Severity Rating: Critical
  • Version: 2.0

The following CVE has undergone a major revision increment:

  • CVE-2018-8356

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0 and PowerShell Core 6.1 because these products are affected by CVE-2018-9356. See https://github.com/PowerShell/Announcements/issues/6 for more information.
  • Originally posted: July 10, 2018
  • Updated: July 19, 2018
  • Aggregate CVE Severity Rating: Important
  • Version: 3.0

Other Information

Recognize and avoid fraudulent email to Microsoft customers:

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.


THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.


Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.

If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.

These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.

For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx.

This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAltRJ4QACgkQEEiO2re1 8uhBGRAAqV/EWkEhrEVrYfOPJe0fzDxFKVu8PespooUpb+/xYFKj0RvyGPBwWkK0 7lGixsk0HDH/VGRevfEPWBUMEDyPp7yudESs7K/Almv0X5Tq9EXa8xsoLOfWmUsF +8OjbFDlsgmJDnsOvrELRAul7bjJDvte3q0jB8QsDIhaMWDOkvKuFfB6M8KwLEJg BeKY/Mudn4BbDxxpMBq72kDCNy6WQar9igbZMS0xu2sDSuTLzqC7qfUg9jseqwhx 5uKJWSKrgCcJ73erJnZRvb1LAglhxD1NGoFdQP36EiIkccOB6kIYv33hpDNd6jf1 S0N8nJVYiUQVqg4ITBtQch5ws6fxXfTIUh7m+oQ4pxvLBbw5QLScub0/AV6ucSaD 9Ace1QwDaOJP+D8aA/+mdmTwr9SvLspNDOm9HkNu10ktRRDyu8PMPf3XGoCAQ1n9 XGtin526zCPy68yFG4BqzN2XSQfft97pwwgcG0KYRV3kB7tbswrtJWOOFbVXvLUl Yd9yvpMql7qfH6p+6f8hS+LG41EEDTqCVEaMT8HTSjld+W36AP2WqlWuSXG9YRBf yhulJ6nF3lbiG1h4pZkY5vrGjvFcfbN4YhSA+FepEolJAnWOtZBg9lswNSuIse3G lvBVHDiKdzpX3ey1qri1czIaC/r46OKW6YuAr4nzhoJKwdfpS34= =b7n1 -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1618",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework developer pack",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework_developer_pack",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      }
    ]
  },
  "cve": "CVE-2018-8356",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-8356",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-8356",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8356",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8356",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-831",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: July 19, 2018\n********************************************************************\n\nSummary\n=======\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-8202\n* CVE-2018-8260\n* CVE-2018-8284\n* CVE-2018-8356\n  \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n   updates released on July 10, Microsoft is releasing Cumulative\n   Update packages for all supported editions of Windows 10. These\n   packages are available via Microsoft Update catalog, WSUS, or by\n   manually searching Windows Update. Customers who are experiencing\n   issues after installing the July Windows security updates should\n   install the replacement packages as applicable. Please refer to the Affected Products table for the\n   replacement package KB numbers. Customers who have successfully\n   installed the security updates and who are not experiencing any\n   issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 2.0\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0949\n* CVE-2018-8242\n* CVE-2018-8287\n* CVE-2018-8288\n* CVE-2018-8291\n* CVE-2018-8296\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n   updates released on July 10, Microsoft is releasing Cumulative\n   Update packages for Windows 10, and Standalone and Preview Rollup\n   packages for all other supported editions of Windows. These packages\n   are available via Microsoft Update catalog, WSUS, or by manually\n   searching Windows Update. Customers who are experiencing issues\n   after installing the July Windows security updates should install\n   the replacement packages as applicable. Note that the IE Cumulative\n   updates are not affected. Please refer to the Affected Products\n   table for the replacement package KB numbers. Customers who have\n   successfully installed the security updates and who are not\n   experiencing any issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 2.0\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-8125\t* CVE-2018-8279\t* CVE-2018-8301\n* CVE-2018-8206\t* CVE-2018-8280\t* CVE-2018-8304\n* CVE-2018-8222\t* CVE-2018-8282\t* CVE-2018-8307\n* CVE-2018-8262\t* CVE-2018-8286\t* CVE-2018-8308\n* CVE-2018-8274\t* CVE-2018-8289\t* CVE-2018-8309\n* CVE-2018-8275\t* CVE-2018-8290\t* CVE-2018-8313\n* CVE-2018-8276\t* CVE-2018-8294\t* CVE-2018-8314\n* CVE-2018-8278\t* CVE-2018-8297\t* CVE-2018-8324\n\t\t\t\t* CVE-2018-8325\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n   updates released on July 10, Microsoft is releasing Cumulative\n   Update packages for Windows 10, and Standalone and Preview Rollup\n   packages for all other supported editions of Windows. These\n   packages are available via Microsoft Update catalog, WSUS, or by\n   manually searching Windows Update. Customers who are experiencing\n   issues after installing the July Windows security updates should\n   install the replacement packages as applicable. Please refer to the\n   Affected Products table for the replacement package KB numbers. \n   Customers who have successfully installed the security updates and\n   who are not experiencing any issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Critical\n - Version: 2.0\n\n The following CVE has undergone a major revision increment:\n\n* CVE-2018-8356\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: Revised the Affected Products table to\n   include PowerShell Core 6.0 and PowerShell Core 6.1 because\n   these products are affected by CVE-2018-9356. See \n   https://github.com/PowerShell/Announcements/issues/6 for \n   more information. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 3.0\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. \n\nThis newsletter was sent by:\nMicrosoft Corporation\n1 Microsoft Way\nRedmond, Washington, USA\n98052\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAltRJ4QACgkQEEiO2re1\n8uhBGRAAqV/EWkEhrEVrYfOPJe0fzDxFKVu8PespooUpb+/xYFKj0RvyGPBwWkK0\n7lGixsk0HDH/VGRevfEPWBUMEDyPp7yudESs7K/Almv0X5Tq9EXa8xsoLOfWmUsF\n+8OjbFDlsgmJDnsOvrELRAul7bjJDvte3q0jB8QsDIhaMWDOkvKuFfB6M8KwLEJg\nBeKY/Mudn4BbDxxpMBq72kDCNy6WQar9igbZMS0xu2sDSuTLzqC7qfUg9jseqwhx\n5uKJWSKrgCcJ73erJnZRvb1LAglhxD1NGoFdQP36EiIkccOB6kIYv33hpDNd6jf1\nS0N8nJVYiUQVqg4ITBtQch5ws6fxXfTIUh7m+oQ4pxvLBbw5QLScub0/AV6ucSaD\n9Ace1QwDaOJP+D8aA/+mdmTwr9SvLspNDOm9HkNu10ktRRDyu8PMPf3XGoCAQ1n9\nXGtin526zCPy68yFG4BqzN2XSQfft97pwwgcG0KYRV3kB7tbswrtJWOOFbVXvLUl\nYd9yvpMql7qfH6p+6f8hS+LG41EEDTqCVEaMT8HTSjld+W36AP2WqlWuSXG9YRBf\nyhulJ6nF3lbiG1h4pZkY5vrGjvFcfbN4YhSA+FepEolJAnWOtZBg9lswNSuIse3G\nlvBVHDiKdzpX3ey1qri1czIaC/r46OKW6YuAr4nzhoJKwdfpS34=\n=b7n1\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "BID",
        "id": 104664
      },
      {
        "db": "PACKETSTORM",
        "id": "148630"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8356",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "104664",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1041257",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "148630",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": 104664
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "PACKETSTORM",
        "id": "148630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "id": "VAR-201807-1618",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T21:52:57.468000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8356 | .NET Framework Security Feature Bypass Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
      },
      {
        "title": "CVE-2018-8356 | .NET Framework \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8356"
      },
      {
        "title": "Microsoft .NET Framework Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81895"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8356"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1041257"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/104664"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8356"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8356"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180711-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180028.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8260"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8202"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/powershell/announcements/issues/6"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/security/dn753714\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8284"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "PACKETSTORM",
        "id": "148630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": 104664
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "PACKETSTORM",
        "id": "148630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "date": "2018-07-20T08:22:22",
        "db": "PACKETSTORM",
        "id": "148630"
      },
      {
        "date": "2018-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "date": "2018-07-11T00:29:02.587000",
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "date": "2022-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "date": "2024-11-21T04:13:40.677000",
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Microsoft Vulnerabilities that bypass security functions in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0327
Vulnerability from variot

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Critical: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2020:2937-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2937 Issue date: 2020-07-15 CVE Names: CVE-2020-1147 ==================================================================== 1. Summary:

An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-19.el7.src.rpm rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-19.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-19.el7.src.rpm rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-19.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-19.el7.src.rpm rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-19.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-1147 https://access.redhat.com/security/updates/classification/#critical

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXw7i7tzjgjWX9erEAQjJcg/6A8FSym0U4wUf51+u8oifaNgi971C1Hcj YHoKmX17Udi6u9wyACSO4MFUaWssoSRblOThz0Ne/zw0q7KUr9Z/cRvdsjsloIz7 VAikaDdBzLQ1gx1ledpCwgFieaHCwyZQ9i1yVEilNmfll7WcoICXMHJCdQerTt5F Ky1I0WICDnN3CUHw+uuwru8inh0K/x+ubTrL5ypVd5gfwgVuePEP6hvLbz3+6LfI EuP/yzx2dPijSOnn4nEKgimiYAmN0kXiFLv/wIrcciVJ3sASQtgeG08e1A35UjSm DVi78xaMGgXLvuKMtwJt4YfD40+wsdla64p+/2RkP8vhfuSpCj2QaKyUsIUplzZY 9XiTDX0TOA/9lH697uvUqrluwwwbSjJRCthMZYWrmP8bZt9YBlaT37FESxhFfZCA nzsFiHVLL+pAx+Gfd1c/lmQzhPgSIgukFOoLu+dthpYiU1z6mlQJQHQbXGit4rYp XYLVDgLZwqLNlkx9HCiuY/pC7oJU+DrWXXP7FIxuh7y79RQCj+tQhbnP0EPmJfnx LRcbfe1YfrjBcjH04K7Cyx7T0PilFt+S9o/Bh4Hq1/DRRagV5J5IKbfdMuaHnYwh 3P/fgWTLWxCv2rovsIcOKNd5XEvGGLGO/UDQ2RdvR8BSaB7iKYwFGbCV0+4pFBMO 27Eu9ftZTIw=ingT -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0327",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": "visual studio 2017",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "15.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": "sharepoint server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2019"
      },
      {
        "model": "sharepoint enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2016"
      },
      {
        "model": "visual studio 2019",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": "visual studio 2019",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": "visual studio 2017",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "15.9"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "sharepoint enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2013"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "sharepoint server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2010"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.1"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2.0 sp2"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.0 sp2"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.5"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.5 and 4.6.2/4.7/4.7.1/4.7.2"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.5 and 4.6/4.6.1/4.6.2"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.5 and 4.7.1/4.7.2"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.5 and 4.7.2"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.5 and 4.8"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.5.1"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "4.5.2"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "4.6"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2"
      },
      {
        "model": "microsoft .net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "4.8"
      },
      {
        "model": "microsoft sharepoint enterprise server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2013 sp1"
      },
      {
        "model": "microsoft sharepoint enterprise server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2016"
      },
      {
        "model": "microsoft sharepoint server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2010 sp2"
      },
      {
        "model": "microsoft sharepoint server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2017 version 15.9 (includes 15.0 - 15.8)"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019 version 16.0"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019 version 16.4 (includes 16.0 - 16.3)"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019 version 16.6 (includes 16.0 - 16.5)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1147"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158436"
      },
      {
        "db": "PACKETSTORM",
        "id": "158433"
      },
      {
        "db": "PACKETSTORM",
        "id": "158432"
      },
      {
        "db": "PACKETSTORM",
        "id": "158431"
      },
      {
        "db": "PACKETSTORM",
        "id": "158465"
      },
      {
        "db": "PACKETSTORM",
        "id": "158467"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-1147",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-1147",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-1147",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-1147",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-1147",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-1147",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-597",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-1147",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-597"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1147"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka \u0027.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability\u0027. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Critical: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID:       RHSA-2020:2937-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:2937\nIssue date:        2020-07-15\nCVE Names:         CVE-2020-1147\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address a security vulnerability are now\navailable. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-19.el7.src.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-19.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-19.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-19.el7.src.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-19.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-19.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-19.el7.src.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-19.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-19.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1147\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXw7i7tzjgjWX9erEAQjJcg/6A8FSym0U4wUf51+u8oifaNgi971C1Hcj\nYHoKmX17Udi6u9wyACSO4MFUaWssoSRblOThz0Ne/zw0q7KUr9Z/cRvdsjsloIz7\nVAikaDdBzLQ1gx1ledpCwgFieaHCwyZQ9i1yVEilNmfll7WcoICXMHJCdQerTt5F\nKy1I0WICDnN3CUHw+uuwru8inh0K/x+ubTrL5ypVd5gfwgVuePEP6hvLbz3+6LfI\nEuP/yzx2dPijSOnn4nEKgimiYAmN0kXiFLv/wIrcciVJ3sASQtgeG08e1A35UjSm\nDVi78xaMGgXLvuKMtwJt4YfD40+wsdla64p+/2RkP8vhfuSpCj2QaKyUsIUplzZY\n9XiTDX0TOA/9lH697uvUqrluwwwbSjJRCthMZYWrmP8bZt9YBlaT37FESxhFfZCA\nnzsFiHVLL+pAx+Gfd1c/lmQzhPgSIgukFOoLu+dthpYiU1z6mlQJQHQbXGit4rYp\nXYLVDgLZwqLNlkx9HCiuY/pC7oJU+DrWXXP7FIxuh7y79RQCj+tQhbnP0EPmJfnx\nLRcbfe1YfrjBcjH04K7Cyx7T0PilFt+S9o/Bh4Hq1/DRRagV5J5IKbfdMuaHnYwh\n3P/fgWTLWxCv2rovsIcOKNd5XEvGGLGO/UDQ2RdvR8BSaB7iKYwFGbCV0+4pFBMO\n27Eu9ftZTIw=ingT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1147"
      },
      {
        "db": "PACKETSTORM",
        "id": "158436"
      },
      {
        "db": "PACKETSTORM",
        "id": "158433"
      },
      {
        "db": "PACKETSTORM",
        "id": "158432"
      },
      {
        "db": "PACKETSTORM",
        "id": "158431"
      },
      {
        "db": "PACKETSTORM",
        "id": "158465"
      },
      {
        "db": "PACKETSTORM",
        "id": "158467"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1147",
        "trust": 3.1
      },
      {
        "db": "EXPLOITALERT",
        "id": "35992",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158694",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163644",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158876",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158436",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158467",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2441",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2418",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2445",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50151",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "48747",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2021070135",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2020080098",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-597",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1147",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158433",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158432",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158431",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158465",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "db": "PACKETSTORM",
        "id": "158436"
      },
      {
        "db": "PACKETSTORM",
        "id": "158433"
      },
      {
        "db": "PACKETSTORM",
        "id": "158432"
      },
      {
        "db": "PACKETSTORM",
        "id": "158431"
      },
      {
        "db": "PACKETSTORM",
        "id": "158465"
      },
      {
        "db": "PACKETSTORM",
        "id": "158467"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-597"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1147"
      }
    ]
  },
  "id": "VAR-202007-0327",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:44:29.294000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2020-1147\u00a0|\u00a0.NET\u00a0Framework,\u00a0SharePoint\u00a0Server,\u00a0and\u00a0Visual\u00a0Studio\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1147"
      },
      {
        "title": "Microsoft .NET Framework , SharePoint Server  and Visual Studio Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124874"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2020/07/15/july_2020_patch_tuesday/"
      },
      {
        "title": "Red Hat: Critical: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202937 - Security Advisory"
      },
      {
        "title": "Red Hat: Critical: .NET Core security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202988 - Security Advisory"
      },
      {
        "title": "Red Hat: Critical: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202939 - Security Advisory"
      },
      {
        "title": "Red Hat: Critical: .NET Core security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202938 - Security Advisory"
      },
      {
        "title": "Red Hat: Critical: .NET Core security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202989 - Security Advisory"
      },
      {
        "title": "Red Hat: Critical: .NET Core 3.1 security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202954 - Security Advisory"
      },
      {
        "title": "cs2020_msels",
        "trust": 0.1,
        "url": "https://github.com/wshepherd0010/cs2020_msels "
      },
      {
        "title": "template",
        "trust": 0.1,
        "url": "https://github.com/wshepherd0010/template "
      },
      {
        "title": "EzpzSharepoint",
        "trust": 0.1,
        "url": "https://github.com/H0j3n/EzpzSharepoint "
      },
      {
        "title": "ysoserial.net",
        "trust": 0.1,
        "url": "https://github.com/pwntester/ysoserial.net "
      },
      {
        "title": "nuclei-templates",
        "trust": 0.1,
        "url": "https://github.com/projectdiscovery/nuclei-templates "
      },
      {
        "title": "nuclei-templates",
        "trust": 0.1,
        "url": "https://github.com/storenth/nuclei-templates "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra25/nuclei-templates "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra/nuclei-templates "
      },
      {
        "title": "kenzer-templates",
        "trust": 0.1,
        "url": "https://github.com/Elsfa7-110/kenzer-templates "
      },
      {
        "title": "kenzer-templates",
        "trust": 0.1,
        "url": "https://github.com/ARPSyndicate/kenzer-templates "
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/critical-sharepoint-flaw-dissected-rce-details-now-available/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-597"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1147"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/158694/sharepoint-dataset-datatable-deserialization.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/158876/microsoft-sharepoint-server-2019-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/163644/microsoft-sharepoint-server-2019-remote-code-execution.html"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1147"
      },
      {
        "trust": 1.7,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1147"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploitalert.com/view-details.html?id=35992"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1147"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20200715-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200029.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2020-1147"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-july-2020-32824"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2441/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2445/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158467/red-hat-security-advisory-2020-2989-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/net-core-code-execution-via-xml-source-markup-32836"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2418/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158436/red-hat-security-advisory-2020-2954-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50151"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2020080098"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2021070135"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/48747"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:2937"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/wshepherd0010/template"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2954"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2939"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2988"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2989"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "db": "PACKETSTORM",
        "id": "158436"
      },
      {
        "db": "PACKETSTORM",
        "id": "158433"
      },
      {
        "db": "PACKETSTORM",
        "id": "158432"
      },
      {
        "db": "PACKETSTORM",
        "id": "158431"
      },
      {
        "db": "PACKETSTORM",
        "id": "158465"
      },
      {
        "db": "PACKETSTORM",
        "id": "158467"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-597"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1147"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "db": "PACKETSTORM",
        "id": "158436"
      },
      {
        "db": "PACKETSTORM",
        "id": "158433"
      },
      {
        "db": "PACKETSTORM",
        "id": "158432"
      },
      {
        "db": "PACKETSTORM",
        "id": "158431"
      },
      {
        "db": "PACKETSTORM",
        "id": "158465"
      },
      {
        "db": "PACKETSTORM",
        "id": "158467"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-597"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1147"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1147"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "date": "2020-07-15T22:47:00",
        "db": "PACKETSTORM",
        "id": "158436"
      },
      {
        "date": "2020-07-15T14:38:40",
        "db": "PACKETSTORM",
        "id": "158433"
      },
      {
        "date": "2020-07-15T14:38:32",
        "db": "PACKETSTORM",
        "id": "158432"
      },
      {
        "date": "2020-07-15T14:38:24",
        "db": "PACKETSTORM",
        "id": "158431"
      },
      {
        "date": "2020-07-17T19:35:18",
        "db": "PACKETSTORM",
        "id": "158465"
      },
      {
        "date": "2020-07-17T19:36:00",
        "db": "PACKETSTORM",
        "id": "158467"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-597"
      },
      {
        "date": "2020-07-14T23:15:12.057000",
        "db": "NVD",
        "id": "CVE-2020-1147"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1147"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      },
      {
        "date": "2022-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-597"
      },
      {
        "date": "2024-11-21T05:09:50.860000",
        "db": "NVD",
        "id": "CVE-2020-1147"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-597"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Microsoft\u00a0 Remote Code Execution Vulnerability in Product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008157"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158436"
      },
      {
        "db": "PACKETSTORM",
        "id": "158433"
      },
      {
        "db": "PACKETSTORM",
        "id": "158432"
      },
      {
        "db": "PACKETSTORM",
        "id": "158431"
      },
      {
        "db": "PACKETSTORM",
        "id": "158465"
      },
      {
        "db": "PACKETSTORM",
        "id": "158467"
      }
    ],
    "trust": 0.6
  }
}

var-201905-1185
Vulnerability from variot

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. This vulnerability CVE-2019-0820 and CVE-2019-0980 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: Microsoft .NET Framework version 4.7.2, version 4.7.1, version 4.6.2, version 4.6.1, version 3.5.1, version 4.8, version 4.7, version 4.6, version 4.5.2, Version 3.5, 3.0 SP2, 2.0 SP2; .NET Core 2.2, 2.1, 1.1, 1.0. An attacker can exploit this issue to cause a denial of service condition.

Bug Fix(es):

  • dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)

  • -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:

Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

  • dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)

  • dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)

  • dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)

  • Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)

  • Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)

  • Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1185",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nemanja Mijailovic,Red Hat",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0981",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0981",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-20377",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0981",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0981",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0981",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-20377",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-395",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0981",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. This vulnerability CVE-2019-0820 and CVE-2019-0980 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: Microsoft .NET Framework version 4.7.2, version 4.7.1, version 4.6.2, version 4.6.1, version 3.5.1, version 4.8, version 4.7, version 4.6, version 4.5.2, Version 3.5, 3.0 SP2, 2.0 SP2; .NET Core 2.2, 2.1, 1.1, 1.0. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID:       RHSA-2019:1236-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:1236\nIssue date:        2019-05-15\nCVE Names:         CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0981",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "108207",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152999",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152953",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1839",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1740",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "id": "VAR-201905-1185",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:59:52.602000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0981 | .Net Framework and .Net Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
      },
      {
        "title": "CVE-2019-0981 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0981"
      },
      {
        "title": "Patch for Microsoft .NET Core and Microsoft ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/211629"
      },
      {
        "title": "Microsoft .NET Core  and Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92545"
      },
      {
        "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191236 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
      },
      {
        "title": "sharpfuzz",
        "trust": 0.1,
        "url": "https://github.com/Metalnem/sharpfuzz "
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
      },
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:1259"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1236"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0981"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190023.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.securityfocus.com/bid/108207"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/81042"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
      },
      {
        "trust": 0.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
      },
      {
        "trust": 0.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0981"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0820"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/metalnem/sharpfuzz"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108207"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "date": "2019-05-22T14:39:27",
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "date": "2019-05-16T23:05:23",
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "date": "2019-05-16T19:29:05.020000",
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108207"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "date": "2019-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "date": "2024-11-21T04:17:36.803000",
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft  .NET Framework and  .NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      }
    ],
    "trust": 0.6
  }
}

cve-2018-8260
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:46
Severity ?
Summary
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.
Impacted products
Vendor Product Version
Microsoft Microsoft .NET Framework Version: 4.7.2 on Windows 10 Version 1607 for 32-bit Systems
Version: 4.7.2 on Windows 10 Version 1607 for x64-based Systems
Version: 4.7.2 on Windows 10 Version 1703 for 32-bit Systems
Version: 4.7.2 on Windows 10 Version 1703 for x64-based Systems
Version: 4.7.2 on Windows 10 Version 1709 for 32-bit Systems
Version: 4.7.2 on Windows 10 Version 1709 for x64-based Systems
Version: 4.7.2 on Windows 10 Version 1803 for 32-bit Systems
Version: 4.7.2 on Windows 10 Version 1803 for x64-based Systems
Version: 4.7.2 on Windows 7 for 32-bit Systems Service Pack 1
Version: 4.7.2 on Windows 7 for x64-based Systems Service Pack 1
Version: 4.7.2 on Windows 8.1 for 32-bit systems
Version: 4.7.2 on Windows 8.1 for x64-based systems
Version: 4.7.2 on Windows RT 8.1
Version: 4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Version: 4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Version: 4.7.2 on Windows Server 2012
Version: 4.7.2 on Windows Server 2012 (Server Core installation)
Version: 4.7.2 on Windows Server 2012 R2
Version: 4.7.2 on Windows Server 2012 R2 (Server Core installation)
Version: 4.7.2 on Windows Server 2016
Version: 4.7.2 on Windows Server 2016 (Server Core installation)
Version: 4.7.2 on Windows Server, version 1709 (Server Core Installation)
Version: 4.7.2 on Windows Server, version 1803 (Server Core Installation)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104666",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104666"
          },
          {
            "name": "1041257",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041257"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8260"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": ".NET Framework",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.2 Developer Pack"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server 2012 R2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server 2016"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server 2016  (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server, version 1709  (Server Core Installation)"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server, version 1803  (Server Core Installation)"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka \".NET Framework Remote Code Execution Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "104666",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104666"
        },
        {
          "name": "1041257",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041257"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8260"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8260",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": ".NET Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.7.2 Developer Pack"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.7.2 on Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows RT 8.1"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server 2012"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server 2012 R2"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server 2012 R2 (Server Core installation)"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server 2016"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server 2016  (Server Core installation)"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server, version 1709  (Server Core Installation)"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server, version 1803  (Server Core Installation)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka \".NET Framework Remote Code Execution Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104666",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104666"
            },
            {
              "name": "1041257",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041257"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8260",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8260"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8260",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8356
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity ?
Summary
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Impacted products
Vendor Product Version
Microsoft .NET Core Version: 1.0
Version: 1.1
Version: 2.0
Microsoft ASP.NET Core Version: 1.0
Version: 1.1
Version: 2.0
Microsoft .NET Framework Version: 4.7.2 Developer Pack
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
          },
          {
            "name": "104664",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104664"
          },
          {
            "name": "1041257",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041257"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft .NET Framework",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2012 R2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2016"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2016  (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server, version 1709  (Server Core Installation)"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server, version 1803  (Server Core Installation)"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
            },
            {
              "status": "affected",
              "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server, version 1803  (Server Core Installation)"
            }
          ]
        },
        {
          "product": ".NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": ".NET Framework",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.2 Developer Pack"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
        },
        {
          "name": "104664",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104664"
        },
        {
          "name": "1041257",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041257"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft .NET Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
                          },
                          {
                            "version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "3.5 on Windows 10 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "3.5 on Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2012"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2012 R2"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2016"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2016  (Server Core installation)"
                          },
                          {
                            "version_value": "3.5 on Windows Server, version 1709  (Server Core Installation)"
                          },
                          {
                            "version_value": "3.5 on Windows Server, version 1803  (Server Core Installation)"
                          },
                          {
                            "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
                          },
                          {
                            "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "4.5.2 on Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "4.5.2 on Windows RT 8.1"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2012"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2012 R2"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
                          },
                          {
                            "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
                          },
                          {
                            "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation)"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server, version 1803  (Server Core Installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": ".NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "1.1"
                          },
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "1.1"
                          },
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": ".NET Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.7.2 Developer Pack"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
            },
            {
              "name": "104664",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104664"
            },
            {
              "name": "1041257",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041257"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8356",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}