var-201903-1467
Vulnerability from variot
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. plural Microsoft The product includes URL There is a vulnerability related to input validation due to incomplete analysis method. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019 Advisory ID: RHSA-2019:0349-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0349 Issue date: 2019-02-14 CVE Names: CVE-2019-0657 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and 2.2.2.
Security Fix(es):
- .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
- Solution:
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0657 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em SeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU AvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+ 27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN cFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu SJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK eI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH JiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z oca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ /DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F +edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX 1Uwk7uAgds0=IIGV -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1467", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.2" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.1" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "1.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "2.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "6.2" }, { "model": "visual studio 2017", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "15.9" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "6.0" }, { "model": "visual studio 2017", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "visual studio", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2017" }, { "model": "visual studio", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2017 version 15.9" }, { "model": "visual studio", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201715.9" }, { "model": "visual studio", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20170" }, { "model": ".net core", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1.1" } ], "sources": [ { "db": "BID", "id": "106890" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "NVD", "id": "CVE-2019-0657" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:microsoft:.net_core", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:.net_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:visual_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:powershell_core", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jonathan Birch of Microsoft Corporation,Red Hat", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-374" } ], "trust": 0.6 }, "cve": "CVE-2019-0657", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2019-0657", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2019-0657", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-0657", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-0657", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201902-374", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "CNNVD", "id": "CNNVD-201902-374" }, { "db": "NVD", "id": "CVE-2019-0657" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability exists in certain .Net Framework API\u0027s and Visual Studio in the way they parse URL\u0027s, aka \u0027.NET Framework and Visual Studio Spoofing Vulnerability\u0027. plural Microsoft The product includes URL There is a vulnerability related to input validation due to incomplete analysis method. \nAn attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019\nAdvisory ID: RHSA-2019:0349-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0349\nIssue date: 2019-02-14\nCVE Names: CVE-2019-0657\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and\n2.2.2. \n\nSecurity Fix(es):\n\n* .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0657\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em\nSeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU\nAvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+\n27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN\ncFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu\nSJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK\neI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH\nJiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z\noca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ\n/DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F\n+edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX\n1Uwk7uAgds0=IIGV\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-0657" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "BID", "id": "106890" }, { "db": "PACKETSTORM", "id": "151684" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0657", "trust": 2.8 }, { "db": "BID", "id": "106890", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-002326", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "151684", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.0476", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201902-374", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "106890" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "PACKETSTORM", "id": "151684" }, { "db": "CNNVD", "id": "CNNVD-201902-374" }, { "db": "NVD", "id": "CVE-2019-0657" } ] }, "id": "VAR-201903-1467", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.19172932 }, "last_update_date": "2024-11-23T23:01:51.783000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0657 | .NET Framework and Visual Studio Spoofing Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657" }, { "title": "CVE-2019-0657 | .NET Framework \u3068 Visual Studio \u306e\u306a\u308a\u3059\u307e\u3057\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2019-0657" }, { "title": "Microsoft .NET Framework and Visual Studio Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89188" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "CNNVD", "id": "CNNVD-201902-374" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "NVD", "id": "CVE-2019-0657" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0657" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/106890" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0657" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:0349" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0657" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190213-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190006.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-february-2019-28512" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-february-2019-28485" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75638" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/151684/red-hat-security-advisory-2019-0349-01.html" }, { "trust": 0.3, "url": "https://github.com/powershell/announcements/issues/14" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0657" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "BID", "id": "106890" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "PACKETSTORM", "id": "151684" }, { "db": "CNNVD", "id": "CNNVD-201902-374" }, { "db": "NVD", "id": "CVE-2019-0657" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "106890" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "PACKETSTORM", "id": "151684" }, { "db": "CNNVD", "id": "CNNVD-201902-374" }, { "db": "NVD", "id": "CVE-2019-0657" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-12T00:00:00", "db": "BID", "id": "106890" }, { "date": "2019-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "date": "2019-02-14T14:59:07", "db": "PACKETSTORM", "id": "151684" }, { "date": "2019-02-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-374" }, { "date": "2019-03-05T23:29:02.037000", "db": "NVD", "id": "CVE-2019-0657" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-21T05:00:00", "db": "BID", "id": "106890" }, { "date": "2019-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "date": "2019-04-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-374" }, { "date": "2024-11-21T04:17:03.300000", "db": "NVD", "id": "CVE-2019-0657" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-374" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Vulnerability related to input validation in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-374" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.