Security Updates for Microsoft .NET Framework (May 2019)

high Nessus Plugin ID 125074
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. (CVE-2019-0864)

- A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Framework (or .NET core) application. The update addresses the vulnerability by correcting how .NET Framework and .NET Core applications handle RegEx string processing. (CVE-2019-0820)

- A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests.
An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application.
The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handles web requests. (CVE-2019-0980, CVE-2019-0981)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?61c5934d

http://www.nessus.org/u?57eaeb45

http://www.nessus.org/u?e61005b4

http://www.nessus.org/u?0ebad070

http://www.nessus.org/u?4feee377

http://www.nessus.org/u?dbf9cf36

http://www.nessus.org/u?5b9563a9

http://www.nessus.org/u?c8a3524e

http://www.nessus.org/u?bdb2d327

http://www.nessus.org/u?893f7a5d

http://www.nessus.org/u?e8febb43

http://www.nessus.org/u?f1490306

http://www.nessus.org/u?27c62bed

http://www.nessus.org/u?3eea20b0

http://www.nessus.org/u?ce90cb7a

http://www.nessus.org/u?34b4ecb6

http://www.nessus.org/u?3239c9ed

http://www.nessus.org/u?ceb0634a

http://www.nessus.org/u?f30c08b8

Plugin Details

Severity: High

ID: 125074

File Name: smb_nt_ms19_may_dotnet.nasl

Version: 1.4

Type: local

Agent: windows

Published: 5/15/2019

Updated: 10/30/2019

Dependencies: smb_check_dotnet_rollup.nasl, smb_hotfixes.nasl, ms_bulletin_checks_possible.nasl, microsoft_net_framework_installed.nasl

Risk Information

CVSS Score Source: CVE-2019-0820

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 5/14/2019

Vulnerability Publication Date: 5/14/2019

Reference Information

CVE: CVE-2019-0820, CVE-2019-0864, CVE-2019-0980, CVE-2019-0981

BID: 108207, 108232, 108241, 108245

MSKB: 4499179, 4494440, 4499406, 4499409, 4499408, 4495611, 4499405, 4499407, 4499154, 4495610, 4499167, 4495613, 4495616, 4499181, 4498964, 4498961, 4495620, 4498963, 4498962

MSFT: MS19-4499179, MS19-4494440, MS19-4499406, MS19-4499409, MS19-4499408, MS19-4495611, MS19-4499405, MS19-4499407, MS19-4499154, MS19-4495610, MS19-4499167, MS19-4495613, MS19-4495616, MS19-4499181, MS19-4498964, MS19-4498961, MS19-4495620, MS19-4498963, MS19-4498962