The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

  - Denial of service vulnerability in Microsoft .NET Framework. (CVE-2023-36042, CVE-2024-21312)

  - Security feature bypass in System.Data.SqlClient SQL data provider. An attacker can perform a     man-in-the-middle attack on the connection between the client and server in order to read and modify the     TLS traffic. (CVE-2024-0056)

  - Security feature bypass in applications that use the X.509 chain building APIs. When processing an     untrusted certificate with malformed signatures, the framework returns an incorrect reason code.
    Applications which make use of this reason code may treat this scenario as a successful chain build,     potentially bypassing the application's typical authentication logic. (CVE-2024-0057)

Detections

Analytics

Security Updates for Microsoft .NET Framework (January 2024)

critical Nessus Plugin ID 187901

Version 1.1