Security Updates for Microsoft .NET Framework (May 2019)

high Nessus Plugin ID 125074

Synopsis

The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. (CVE-2019-0864)

- A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Framework (or .NET core) application. The update addresses the vulnerability by correcting how .NET Framework and .NET Core applications handle RegEx string processing. (CVE-2019-0820)

- A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests.
An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application.
The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handles web requests. (CVE-2019-0980, CVE-2019-0981)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?bdb2d327

http://www.nessus.org/u?57eaeb45

http://www.nessus.org/u?e8febb43

http://www.nessus.org/u?3eea20b0

http://www.nessus.org/u?61c5934d

http://www.nessus.org/u?e61005b4

http://www.nessus.org/u?0ebad070

http://www.nessus.org/u?4feee377

http://www.nessus.org/u?dbf9cf36

http://www.nessus.org/u?5b9563a9

http://www.nessus.org/u?c8a3524e

http://www.nessus.org/u?893f7a5d

http://www.nessus.org/u?f1490306

http://www.nessus.org/u?27c62bed

http://www.nessus.org/u?ce90cb7a

http://www.nessus.org/u?34b4ecb6

http://www.nessus.org/u?3239c9ed

http://www.nessus.org/u?ceb0634a

http://www.nessus.org/u?f30c08b8

Plugin Details

Severity: High

ID: 125074

File Name: smb_nt_ms19_may_dotnet.nasl

Version: 1.5

Type: local

Agent: windows

Published: 5/15/2019

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2019-0820

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 5/14/2019

Vulnerability Publication Date: 5/14/2019

Reference Information

CVE: CVE-2019-0820, CVE-2019-0864, CVE-2019-0980, CVE-2019-0981

BID: 108245, 108207, 108232, 108241

MSFT: MS19-4494440, MS19-4495610, MS19-4495611, MS19-4495613, MS19-4495616, MS19-4495620, MS19-4498961, MS19-4498962, MS19-4498963, MS19-4498964, MS19-4499154, MS19-4499167, MS19-4499179, MS19-4499181, MS19-4499405, MS19-4499406, MS19-4499407, MS19-4499408, MS19-4499409

MSKB: 4494440, 4495610, 4495611, 4495613, 4495616, 4495620, 4498961, 4498962, 4498963, 4498964, 4499154, 4499167, 4499179, 4499181, 4499405, 4499406, 4499407, 4499408, 4499409