Security Updates for Microsoft .NET Framework (August 2018)

high Nessus Plugin ID 111693
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend into another stream.
(CVE-2018-8360)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?93e63484

http://www.nessus.org/u?2be0b30b

http://www.nessus.org/u?3356f605

http://www.nessus.org/u?09b4cda4

http://www.nessus.org/u?5d44cd3a

http://www.nessus.org/u?28c48173

http://www.nessus.org/u?cd89d90f

http://www.nessus.org/u?2837f4a2

http://www.nessus.org/u?bf699f3a

http://www.nessus.org/u?124e7bc7

http://www.nessus.org/u?cb3801fe

http://www.nessus.org/u?9ab9852e

http://www.nessus.org/u?f052611d

http://www.nessus.org/u?770b7995

http://www.nessus.org/u?e04d903e

http://www.nessus.org/u?e98b4c8a

http://www.nessus.org/u?7d39617b

http://www.nessus.org/u?088c4696

http://www.nessus.org/u?9775d00a

http://www.nessus.org/u?d0e06c76

http://www.nessus.org/u?44da5a9a

http://www.nessus.org/u?c14a7305

http://www.nessus.org/u?17554e6e

http://www.nessus.org/u?8618865f

http://www.nessus.org/u?dd8bc23c

Plugin Details

Severity: High

ID: 111693

File Name: smb_nt_ms18_aug_dotnet.nasl

Version: 1.6

Type: local

Agent: windows

Published: 8/14/2018

Updated: 11/4/2019

Dependencies: smb_check_dotnet_rollup.nasl, smb_hotfixes.nasl, ms_bulletin_checks_possible.nasl, microsoft_net_framework_installed.nasl

Risk Information

CVSS Score Source: CVE-2018-8360

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/14/2018

Vulnerability Publication Date: 8/14/2018

Reference Information

CVE: CVE-2018-8360

BID: 104986

MSKB: 4343887, 4343885, 4343909, 4344147, 4344146, 4344145, 4344144, 4344165, 4344167, 4344166, 4344149, 4344148, 4344152, 4343897, 4343892, 4344150, 4344151, 4344178, 4344153, 4344176, 4344177, 4344175, 4344172, 4344173, 4344171

MSFT: MS18-4343887, MS18-4343885, MS18-4343909, MS18-4344147, MS18-4344146, MS18-4344145, MS18-4344144, MS18-4344165, MS18-4344167, MS18-4344166, MS18-4344149, MS18-4344148, MS18-4344152, MS18-4343897, MS18-4343892, MS18-4344150, MS18-4344151, MS18-4344178, MS18-4344153, MS18-4344176, MS18-4344177, MS18-4344175, MS18-4344172, MS18-4344173, MS18-4344171