var-201901-1456
Vulnerability from variot

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. plural Microsoft There is a vulnerability in the product that exposes information. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2019:0040-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0040 Issue date: 2019-01-09 CVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 =====================================================================

  1. Summary:

Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1.

Security Fix(es):

  • .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)

  • .NET Core: ANCM WebSocket DOS (CVE-2019-0548)

  • .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream docs in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0545 https://access.redhat.com/security/cve/CVE-2019-0548 https://access.redhat.com/security/cve/CVE-2019-0564 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX 1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq DN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI DgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR ZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R tgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43 +Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV kLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3 L7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR +GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P Atkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc eGIiHj6xieM= =m5dC -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1456",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "106405"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-0545",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0545",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0545",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0545",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0545",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-175",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0545",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka \".NET Framework Information Disclosure Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. plural Microsoft There is a vulnerability in the product that exposes information. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2019:0040-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0040\nIssue date:        2019-01-09\nCVE Names:         CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 2.1.5 and 2.2.1. \n\nSecurity Fix(es):\n\n* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final\nresponse leads to info disclosure (CVE-2019-0545)\n\n* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)\n\n* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and\nASP.NET) (CVE-2019-0564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure\n1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)\n1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0545\nhttps://access.redhat.com/security/cve/CVE-2019-0548\nhttps://access.redhat.com/security/cve/CVE-2019-0564\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX\n1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq\nDN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI\nDgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR\nZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R\ntgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43\n+Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV\nkLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3\nL7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR\n+GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P\nAtkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc\neGIiHj6xieM=\n=m5dC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0545",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "106405",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0545",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151061",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "id": "VAR-201901-1456",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:00:08.612000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0545 | .NET Framework Information Disclosure Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0545"
      },
      {
        "title": "CVE-2019-0545 | .NET Framework \u306e\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0545"
      },
      {
        "title": "Microsoft .NET Framework  and .NET Core Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88362"
      },
      {
        "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190040 - Security Advisory"
      },
      {
        "title": "Red Hat: CVE-2019-0545",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-0545"
      },
      {
        "title": "Description\nContent\nInstall\nUsage\nAutomation\nExamples",
        "trust": 0.1,
        "url": "https://github.com/eeenvik1/scripts_for_YouTrack "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/106405"
      },
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0545"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:0040"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0545"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0545"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190109-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0564"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0545"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0564"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0564"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "db": "BID",
        "id": "106405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "BID",
        "id": "106405"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "date": "2019-01-09T15:05:39",
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "date": "2019-01-08T21:29:00.580000",
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0545"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "BID",
        "id": "106405"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      },
      {
        "date": "2022-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      },
      {
        "date": "2024-11-21T04:16:49.683000",
        "db": "NVD",
        "id": "CVE-2019-0545"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Microsoft Information disclosure vulnerability in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001008"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-175"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.