DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2021-31957", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-31957", "description": "ASP.NET Denial of Service Vulnerability", "published": "2021-06-08T23:15:00", "modified": "2023-08-01T23:15:00", "epss": [{"cve": "CVE-2021-31957", "epss": 0.00214, "percentile": 0.58565, "modified": "2023-08-06"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31957", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/"], "cvelist": ["CVE-2021-31957"], "immutableFields": [], "lastseen": "2023-08-06T18:59:14", "viewCount": 92, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2352", "ALSA-2021:2353"]}, {"type": "altlinux", "idList": ["0A8B4F7539A685F6CFE70F6AD2395477", "3ADB8D1E592DB28A30A369E4066C88AC", "551C54E499C0DD394544C6AAD788CCC1", "5A61BB058329AB7F3DDD1DADDD016726", "6D6DC73488675F6D3E05017E1C3E90F5", "8751C6056ED7473C9C9086B590746805", "97248F752AEF925BD9D225D99FD71A8A"]}, {"type": "archlinux", "idList": ["ASA-202106-37", "ASA-202106-38"]}, {"type": "fedora", "idList": ["FEDORA:1AC3930B07A1", "FEDORA:1FF73306AB62", "FEDORA:4C54630AF047", "FEDORA:DCFB730ABB3D"]}, {"type": "github", "idList": ["GHSA-MCWM-2WMC-6HV4"]}, {"type": "kaspersky", "idList": ["KLA12200"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31957"]}, {"type": "nessus", "idList": ["MACOSX_MS21_JUN_VISUAL_STUDIO.NASL", "ORACLELINUX_ELSA-2021-2352.NASL", "ORACLELINUX_ELSA-2021-2353.NASL", "REDHAT-RHSA-2021-2350.NASL", "REDHAT-RHSA-2021-2351.NASL", "REDHAT-RHSA-2021-2352.NASL", "REDHAT-RHSA-2021-2353.NASL", "ROCKY_LINUX_RLSA-2021-2352.NASL", "ROCKY_LINUX_RLSA-2021-2353.NASL", "SMB_NT_MS21_JUNE_VISUAL_STUDIO.NASL", "SMB_NT_MS21_JUN_DOTNET_CORE_SDK.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2352", "ELSA-2021-2353"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C"]}, {"type": "redhat", "idList": ["RHSA-2021:2350", "RHSA-2021:2351", "RHSA-2021:2352", "RHSA-2021:2353"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-31957"]}, {"type": "rocky", "idList": ["RLSA-2021:2352", "RLSA-2021:2353"]}]}, "score": {"value": 2.4, "vector": "NONE"}, "twitter": {"counter": 7, "modified": "2021-06-29T07:45:20", "tweets": [{"link": "https://twitter.com/prophaze/status/1404742846608035840", "text": "New Vulnerability Release: Microsoft .NET 3.1/5.0 denial of service [CVE-2021-31957] https://t.co/zoxiVoWrqM?amp=1\n/hashtag/Exploit?src=hashtag_click:No /hashtag/Local?src=hashtag_click:No /hashtag/Product?src=hashtag_click:.NET /hashtag/Remote?src=hashtag_click:Yes"}, {"link": "https://twitter.com/prophaze/status/1404742846608035840", "text": "New Vulnerability Release: Microsoft .NET 3.1/5.0 denial of service [CVE-2021-31957] https://t.co/zoxiVoWrqM?amp=1\n/hashtag/Exploit?src=hashtag_click:No /hashtag/Local?src=hashtag_click:No /hashtag/Product?src=hashtag_click:.NET /hashtag/Remote?src=hashtag_click:Yes"}, {"link": "https://twitter.com/threatintelctr/status/1409806498834833409", "text": " NEW: CVE-2021-31957 https://t.co/15ELtNHZHB?amp=1 Denial of Service Vulnerability Severity: HIGH https://t.co/Vnt9OGn4z2?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1409617711303331841", "text": " NEW: CVE-2021-31957 https://t.co/15ELtNZAz9?amp=1 Denial of Service Vulnerability Severity: HIGH https://t.co/Vnt9OGEFqA?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1409637816141705219", "text": "New post from https://t.co/9KYxtdHHVL?amp=1 (CVE-2021-31957 (.net, .net_core, fedora, visual_studio_2019)) has been published on https://t.co/nFTIEtigP6?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1405004809997012993", "text": " NEW: CVE-2021-31957 https://t.co/15ELtNHZHB?amp=1 Denial of Service Vulnerability Severity: [object Object] https://t.co/Vnt9OGn4z2?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1409637869707169793", "text": "New post from https://t.co/uXvPWJPHkR?amp=1 (CVE-2021-31957 (.net, .net_core, fedora, visual_studio_2019)) has been published on https://t.co/hkgu9bxQQ7?amp=1"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2352", "ALSA-2021:2353"]}, {"type": "archlinux", "idList": ["ASA-202106-37", "ASA-202106-38"]}, {"type": "fedora", "idList": ["FEDORA:1AC3930B07A1", "FEDORA:1FF73306AB62", "FEDORA:4C54630AF047", "FEDORA:DCFB730ABB3D"]}, {"type": "github", "idList": ["GHSA-MCWM-2WMC-6HV4"]}, {"type": "kaspersky", "idList": ["KLA12200"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31957"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2021-2352.NASL", "ORACLELINUX_ELSA-2021-2353.NASL", "REDHAT-RHSA-2021-2350.NASL", "REDHAT-RHSA-2021-2351.NASL", "REDHAT-RHSA-2021-2352.NASL", "REDHAT-RHSA-2021-2353.NASL", "SMB_NT_MS21_JUNE_VISUAL_STUDIO.NASL", "SMB_NT_MS21_JUN_DOTNET_CORE_SDK.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2352", "ELSA-2021-2353"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C"]}, {"type": "redhat", "idList": ["RHSA-2021:2352"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-31957"]}, {"type": "rocky", "idList": ["RLSA-2021:2352", "RLSA-2021:2353"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "microsoft .net", "version": 5}, {"name": "microsoft .net core", "version": 3}, {"name": "microsoft visual studio 2019", "version": 8}, {"name": "microsoft visual studio 2019", "version": 16}, {"name": "fedoraproject fedora", "version": 33}, {"name": "fedoraproject fedora", "version": 34}]}, "epss": [{"cve": "CVE-2021-31957", "epss": 0.00158, "percentile": 0.50863, "modified": "2023-05-07"}], "vulnersScore": 2.4}, "_state": {"dependencies": 1691349861, "score": 1691349818, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "76594cba0b54f5802ed9071c994186da"}, "cna_cvss": {"cna": "microsoft", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "score": 5.9}}}, "cpe": ["cpe:/a:microsoft:visual_studio_2019:16.10", "cpe:/o:fedoraproject:fedora:34", "cpe:/a:microsoft:visual_studio_2019:8.10", "cpe:/a:microsoft:.net_core:3.1.15", "cpe:/a:microsoft:.net:5.0.6", "cpe:/o:fedoraproject:fedora:33"], "cpe23": ["cpe:2.3:a:microsoft:.net_core:3.1.15:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "microsoft:visual_studio_2019", "version": "16.10", "operator": "le", "name": "microsoft visual studio 2019"}, {"cpeName": "microsoft:visual_studio_2019", "version": "8.10", "operator": "eq", "name": "microsoft visual studio 2019"}, {"cpeName": "microsoft:.net", "version": "5.0.6", "operator": "le", "name": "microsoft .net"}, {"cpeName": "microsoft:.net_core", "version": "3.1.15", "operator": "le", "name": "microsoft .net core"}, {"cpeName": "fedoraproject:fedora", "version": "33", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "34", "operator": "eq", "name": "fedoraproject fedora"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:16.10:*:*:*:*:*:*:*", "versionStartIncluding": "16.0", "versionEndIncluding": "16.10", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:.net:5.0.6:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndIncluding": "5.0.6", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:3.1.15:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndIncluding": "3.1.15", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/", "refsource": "MISC", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/", "refsource": "MISC", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/", "refsource": "MISC", "tags": []}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/", "refsource": "MISC", "tags": []}], "product_info": [{"vendor": "Microsoft", "product": ".NET Core 3.1"}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)"}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)"}, {"vendor": "Microsoft", "product": ".NET 5.0"}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)"}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)"}, {"vendor": "Microsoft", "product": "Visual Studio 2019 for Mac version 8.10"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en-US", "type": "Impact"}]}], "exploits": [], "assigned": "2021-04-30T00:00:00"}

{"nessus": [{"lastseen": "2023-05-18T15:30:22", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2352 advisory.\n\n - ASP.NET Denial of Service Vulnerability (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-11T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : .NET / Core / 3.1 (ELSA-2021-2352)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:aspnetcore-runtime-3.1", "p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-3.1", "p-cpe:/a:oracle:linux:dotnet-apphost-pack-3.1", "p-cpe:/a:oracle:linux:dotnet-hostfxr-3.1", "p-cpe:/a:oracle:linux:dotnet-runtime-3.1", "p-cpe:/a:oracle:linux:dotnet-sdk-3.1", "p-cpe:/a:oracle:linux:dotnet-targeting-pack-3.1", "p-cpe:/a:oracle:linux:dotnet-templates-3.1"], "id": "ORACLELINUX_ELSA-2021-2352.NASL", "href": "https://www.tenable.com/plugins/nessus/150725", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2352.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150725);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-31957\");\n\n script_name(english:\"Oracle Linux 8 : .NET / Core / 3.1 (ELSA-2021-2352)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-2352 advisory.\n\n - ASP.NET Denial of Service Vulnerability (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2352.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-3.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'aspnetcore-runtime-3.1-3.1.16-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.16-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.16-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.16-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.16-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.116-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.16-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.116-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-targeting-pack-3.1 / dotnet-apphost-pack-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:48:42", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2352 advisory.\n\n - ASP.NET Denial of Service Vulnerability (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : .NET Core 3.1 (RLSA-2021:2352)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:aspnetcore-runtime-3.1", "p-cpe:/a:rocky:linux:aspnetcore-runtime-5.0", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-3.1", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-5.0", "cpe:/o:rocky:linux:8", "p-cpe:/a:rocky:linux:dotnet", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-3.1", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-host", "p-cpe:/a:rocky:linux:dotnet-host-debuginfo", "p-cpe:/a:rocky:linux:dotnet-hostfxr-3.1", "p-cpe:/a:rocky:linux:dotnet-hostfxr-3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0", "p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-3.1", "p-cpe:/a:rocky:linux:dotnet-runtime-3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-5.0", "p-cpe:/a:rocky:linux:dotnet-runtime-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-3.1", "p-cpe:/a:rocky:linux:dotnet-sdk-3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-3.1", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-5.0", "p-cpe:/a:rocky:linux:dotnet-templates-3.1", "p-cpe:/a:rocky:linux:dotnet-templates-5.0", "p-cpe:/a:rocky:linux:dotnet3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet3.1-debugsource", "p-cpe:/a:rocky:linux:dotnet5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet5.0-debugsource", "p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1"], "id": "ROCKY_LINUX_RLSA-2021-2352.NASL", "href": "https://www.tenable.com/plugins/nessus/157779", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:2352.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157779);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"RLSA\", value:\"2021:2352\");\n script_xref(name:\"IAVA\", value:\"2021-A-0278-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0274-S\");\n\n script_name(english:\"Rocky Linux 8 : .NET Core 3.1 (RLSA-2021:2352)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2021:2352 advisory.\n\n - ASP.NET Denial of Service Vulnerability (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:2352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1966990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet3.1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet5.0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-debuginfo-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-debuginfo-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-debuginfo-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-debuginfo-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-debuginfo-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-debuginfo-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-debuginfo-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-debuginfo-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-debuginfo-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet3.1-debuginfo-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet3.1-debugsource-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet5.0-debuginfo-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet5.0-debugsource-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-runtime-5.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:05", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2350 advisory.\n\n - dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "RHEL 7 : .NET Core 3.1 on RHEL 7 (RHSA-2021:2350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-apphost-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-host", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-hostfxr-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-sdk-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-templates-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2021-2350.NASL", "href": "https://www.tenable.com/plugins/nessus/150386", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2350. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150386);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"RHSA\", value:\"2021:2350\");\n script_xref(name:\"IAVA\", value:\"2021-A-0278-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0274-S\");\n\n script_name(english:\"RHEL 7 : .NET Core 3.1 on RHEL 7 (RHSA-2021:2350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:2350 advisory.\n\n - dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(772);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-templates-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-3.1.116-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-host-3.1.16-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-dotnet31-aspnetcore-runtime-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:42", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2351 advisory.\n\n - dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "RHEL 7 : .NET 5.0 on RHEL 7 (RHSA-2021:2351)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-aspnetcore-runtime-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-aspnetcore-targeting-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-apphost-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-host", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-hostfxr-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-runtime-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-sdk-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-targeting-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-templates-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2021-2351.NASL", "href": "https://www.tenable.com/plugins/nessus/150387", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2351. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150387);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"RHSA\", value:\"2021:2351\");\n script_xref(name:\"IAVA\", value:\"2021-A-0278-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0274-S\");\n\n script_name(english:\"RHEL 7 : .NET 5.0 on RHEL 7 (RHSA-2021:2351)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:2351 advisory.\n\n - dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(772);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-dotnet50-aspnetcore-runtime-5.0-5.0.7-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.7-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-5.0.204-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-apphost-pack-5.0-5.0.7-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-host-5.0.7-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-hostfxr-5.0-5.0.7-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-runtime-5.0-5.0.7-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-sdk-5.0-5.0.204-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-targeting-pack-5.0-5.0.7-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-templates-5.0-5.0.204-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-netstandard-targeting-pack-2.1-5.0.204-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-dotnet50-aspnetcore-runtime-5.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:10:15", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2353 advisory.\n\n - ASP.NET Denial of Service Vulnerability (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : .NET / 5.0 (ELSA-2021-2353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:aspnetcore-runtime-5.0", "p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:oracle:linux:dotnet", "p-cpe:/a:oracle:linux:dotnet-apphost-pack-5.0", "p-cpe:/a:oracle:linux:dotnet-host", "p-cpe:/a:oracle:linux:dotnet-hostfxr-5.0", "p-cpe:/a:oracle:linux:dotnet-runtime-5.0", "p-cpe:/a:oracle:linux:dotnet-sdk-5.0", "p-cpe:/a:oracle:linux:dotnet-targeting-pack-5.0", "p-cpe:/a:oracle:linux:dotnet-templates-5.0", "p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1"], "id": "ORACLELINUX_ELSA-2021-2353.NASL", "href": "https://www.tenable.com/plugins/nessus/150495", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2353.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150495);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2021-31957\");\n\n script_name(english:\"Oracle Linux 8 : .NET / 5.0 (ELSA-2021-2353)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-2353 advisory.\n\n - ASP.NET Denial of Service Vulnerability (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2353.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'aspnetcore-runtime-5.0-5.0.7-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.7-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.204-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.7-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.7-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.7-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.7-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.204-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.7-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.204-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.204-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-targeting-pack-5.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:44", "description": "The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by a denial of service (DoS) vulnerability due to improper handling of client connections. An unauthenticated, remote attacker can exploit this issue to cause the applications to stop responding.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (June 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS21_JUNE_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/150418", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150418);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"IAVA\", value:\"2021-A-0278-S\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by a denial of service \n(DoS) vulnerability due to improper handling of client connections. An unauthenticated, remote attacker can exploit \nthis issue to cause the applications to stop responding.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.4#16.4.23\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83268e80\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7#16.7.16\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30138c7e\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9#16.9.7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9497ffd6\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.10.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?db72b947\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - Update 16.4.23 for Visual Studio 2019\n - Update 16.7.16 for Visual Studio 2019\n - Update 16.9.7 for Visual Studio 2019\n - Update 16.10.1 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"installed_sw/Microsoft Visual Studio\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('install_func.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\n\nget_kb_item_or_exit('installed_sw/Microsoft Visual Studio');\n\nvar port = kb_smb_transport();\nvar appname = 'Microsoft Visual Studio';\nvar installs = get_installs(app_name:appname, exit_if_not_found:TRUE);\nvar report = '';\n\nforeach var install (installs[1])\n{\n var version = install['version'];\n var path = install['path'];\n var prod = install['product_version'];\n var fix = '';\n \n if (prod == '2019') \n {\n # VS 2019 Version 16.0-4\n if (version =~ \"^16\\.[0-4]\\.\") \n {\n fix = '16.4.31327.141';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.5-7\n else if (version =~ \"^16\\.[5-7]\\.\")\n {\n fix = '16.7.31327.30';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.8-9\n else if (version =~ \"^16\\.[89]\\.\")\n {\n fix = '16.9.31328.270';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.10\n else if (version =~ \"^16\\.10\\.\")\n {\n fix = '16.10.31402.337';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n }\n}\n\nif (empty(report))\n audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nsecurity_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:07", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2353 advisory.\n\n - ASP.NET Denial of Service Vulnerability (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : .NET 5.0 (RLSA-2021:2353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:aspnetcore-runtime-3.1", "p-cpe:/a:rocky:linux:aspnetcore-runtime-5.0", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-3.1", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:rocky:linux:dotnet", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-3.1", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-host", "p-cpe:/a:rocky:linux:dotnet-host-debuginfo", "p-cpe:/a:rocky:linux:dotnet-hostfxr-3.1", "p-cpe:/a:rocky:linux:dotnet-hostfxr-3.1-debuginfo", "p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1", "cpe:/o:rocky:linux:8", "p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0", "p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-3.1", "p-cpe:/a:rocky:linux:dotnet-runtime-3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-5.0", "p-cpe:/a:rocky:linux:dotnet-runtime-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-3.1", "p-cpe:/a:rocky:linux:dotnet-sdk-3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-3.1", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-5.0", "p-cpe:/a:rocky:linux:dotnet-templates-3.1", "p-cpe:/a:rocky:linux:dotnet-templates-5.0", "p-cpe:/a:rocky:linux:dotnet3.1-debuginfo", "p-cpe:/a:rocky:linux:dotnet3.1-debugsource", "p-cpe:/a:rocky:linux:dotnet5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet5.0-debugsource"], "id": "ROCKY_LINUX_RLSA-2021-2353.NASL", "href": "https://www.tenable.com/plugins/nessus/157836", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:2353.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157836);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"RLSA\", value:\"2021:2353\");\n script_xref(name:\"IAVA\", value:\"2021-A-0278-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0274-S\");\n\n script_name(english:\"Rocky Linux 8 : .NET 5.0 (RLSA-2021:2353)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2021:2353 advisory.\n\n - ASP.NET Denial of Service Vulnerability (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:2353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1966990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet3.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet3.1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet5.0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-debuginfo-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-debuginfo-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-debuginfo-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-debuginfo-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-debuginfo-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-debuginfo-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-debuginfo-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-debuginfo-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-debuginfo-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.16-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.7-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet3.1-debuginfo-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet3.1-debugsource-3.1.116-1.el8_4.rocky.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet5.0-debuginfo-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet5.0-debugsource-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.204-1.el8_4.rocky', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-runtime-5.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:42", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2353 advisory.\n\n - dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-16T00:00:00", "type": "nessus", "title": "RHEL 8 : .NET 5.0 (RHSA-2021:2353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-5.0", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-host", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-5.0", "p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2021-2353.NASL", "href": "https://www.tenable.com/plugins/nessus/150818", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2353. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150818);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"RHSA\", value:\"2021:2353\");\n script_xref(name:\"IAVA\", value:\"2021-A-0278-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0274-S\");\n\n script_name(english:\"RHEL 8 : .NET 5.0 (RHSA-2021:2353)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:2353 advisory.\n\n - dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(772);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-5.0-5.0.7-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.7-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.204-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.7-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.7-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.7-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.7-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.204-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.7-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.204-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.204-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-5.0-5.0.7-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.7-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.204-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.7-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.7-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.7-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.7-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.204-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.7-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.204-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.204-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-5.0-5.0.7-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.7-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.204-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.7-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.7-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.7-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.7-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.204-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.7-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.204-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.204-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-targeting-pack-5.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:35", "description": "The Microsoft .NET Core SDK installation on the remote host is version 3.1.x prior to 3.1.116, 3.1.2xx prior to 3.1.410, 5.x prior to 5.0.204, or 5.0.3xx prior to 5.0.301. It is, therefore, affected by a denial of service vulnerability. An unauthenticated, remote attacker can exploit this to cause the application to stop responding.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-08T00:00:00", "type": "nessus", "title": "Security Update for .NET Core SDK (June 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/a:microsoft:.net_core"], "id": "SMB_NT_MS21_JUN_DOTNET_CORE_SDK.NASL", "href": "https://www.tenable.com/plugins/nessus/150365", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150365);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"IAVA\", value:\"2021-A-0274-S\");\n\n script_name(english:\"Security Update for .NET Core SDK (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a .NET Core SDK denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft .NET Core SDK installation on the remote host is version 3.1.x prior to 3.1.116, 3.1.2xx prior to\n3.1.410, 5.x prior to 5.0.204, or 5.0.3xx prior to 5.0.301. It is, therefore, affected by a denial of service\nvulnerability. An unauthenticated, remote attacker can exploit this to cause the application to stop responding.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dotnet.microsoft.com/download/dotnet-core/3.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dotnet.microsoft.com/download/dotnet/5.0\");\n # https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.16/3.1.16.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf839a13\");\n # https://github.com/dotnet/core/blob/main/release-notes/5.0/5.0.7/5.0.7.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c41b94c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update .NET Core SDK, remove vulnerable packages and refer to vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_core\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_dotnet_core_sdk_win.nbin\");\n script_require_keys(\"installed_sw/.NET Core SDK Windows\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = '.NET Core SDK Windows';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'min_version' : '3.1', 'fixed_version' : '3.1.116' },\n { 'min_version' : '3.1.200', 'fixed_version' : '3.1.410' },\n { 'min_version' : '5.0', 'fixed_version' : '5.0.204' },\n { 'min_version' : '5.0.300', 'fixed_version' : '5.0.301' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:04", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2352 advisory.\n\n - dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-16T00:00:00", "type": "nessus", "title": "RHEL 8 : .NET Core 3.1 (RHSA-2021:2352)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31957"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-3.1", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6"], "id": "REDHAT-RHSA-2021-2352.NASL", "href": "https://www.tenable.com/plugins/nessus/150820", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2352. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150820);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"RHSA\", value:\"2021:2352\");\n script_xref(name:\"IAVA\", value:\"2021-A-0278-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0274-S\");\n\n script_name(english:\"RHEL 8 : .NET Core 3.1 (RHSA-2021:2352)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:2352 advisory.\n\n - dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(772);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-3.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-3.1-3.1.16-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.16-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.16-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.16-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.16-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.116-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.16-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.116-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-3.1-3.1.16-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.16-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.16-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.16-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.16-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.116-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.16-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.116-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-3.1-3.1.16-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.16-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.16-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.16-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.16-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.116-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.16-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.116-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-targeting-pack-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:54", "description": "The Microsoft Visual Studio 2019 runtime installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by a denial of service vulnerability. When a .NET application utilizing libgdiplus on a non-Windows system accepts input, an attacker could send a specially crafted request that could result in application crashes.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version", "cvss3": {}, "published": "2021-06-24T00:00:00", "type": "nessus", "title": "Security Update for Visual Studio 2019 (June 2021) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-24112", "CVE-2021-31957"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "MACOSX_MS21_JUN_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/150988", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150988);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-31957\");\n script_xref(name:\"IAVA\", value:\"2021-A-0278-S\");\n\n script_name(english:\"Security Update for Visual Studio 2019 (June 2021) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by DoS vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio 2019 runtime installed on the remote macOS or Mac OS X host is missing a security update. \nIt is, therefore, affected by a denial of service vulnerability. When a .NET application utilizing libgdiplus on\na non-Windows system accepts input, an attacker could send a specially crafted request that could result in application crashes.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported\nversion\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112\");\n # https://docs.microsoft.com/en-gb/visualstudio/releasenotes/vs2019-mac-relnotes\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffcc8699\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Visual Studio 2019 version 8.10.0.1773 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"visual_studio_mac_installed.nbin\");\n script_require_keys(\"installed_sw/Visual Studio\", \"Host/MacOSX/Version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('Host/MacOSX/Version');\n\nvar app_info = vcf::get_app_info(app:'Visual Studio');\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nvar constraints = [ { 'fixed_version' : '8.10.0.1773' } ];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2023-08-06T22:43:27", "description": "Arch Linux Security Advisory ASA-202106-38\n==========================================\n\nSeverity: Medium\nDate : 2021-06-15\nCVE-ID : CVE-2021-31957\nPackage : aspnet-runtime-3.1\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2047\n\nSummary\n=======\n\nThe package aspnet-runtime-3.1 before version 3.1.16.sdk116-1 is\nvulnerable to denial of service.\n\nResolution\n==========\n\nUpgrade to 3.1.16.sdk116-1.\n\n# pacman -Syu \"aspnet-runtime-3.1>=3.1.16.sdk116-1\"\n\nThe problem has been fixed upstream in version 3.1.16.sdk116.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA denial of service vulnerability exists in .NET 5.0 before Runtime\n5.0.7 and SDK 5.0.204 as well as .NET Core 3.1 before Runtime 3.1.16\nand SDK 3.1.116 in ASP.NET.\n\nImpact\n======\n\nA remote attacker could crash an ASP.NET application.\n\nReferences\n==========\n\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957\nhttps://github.com/dotnet/announcements/issues/189\nhttps://security.archlinux.org/CVE-2021-31957", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-15T00:00:00", "type": "archlinux", "title": "[ASA-202106-38] aspnet-runtime-3.1: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-15T00:00:00", "id": "ASA-202106-38", "href": "https://security.archlinux.org/ASA-202106-38", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-06T22:43:33", "description": "Arch Linux Security Advisory ASA-202106-37\n==========================================\n\nSeverity: Medium\nDate : 2021-06-15\nCVE-ID : CVE-2021-31957\nPackage : aspnet-runtime\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2046\n\nSummary\n=======\n\nThe package aspnet-runtime before version 5.0.7.sdk204-1 is vulnerable\nto denial of service.\n\nResolution\n==========\n\nUpgrade to 5.0.7.sdk204-1.\n\n# pacman -Syu \"aspnet-runtime>=5.0.7.sdk204-1\"\n\nThe problem has been fixed upstream in version 5.0.7.sdk204.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA denial of service vulnerability exists in .NET 5.0 before Runtime\n5.0.7 and SDK 5.0.204 as well as .NET Core 3.1 before Runtime 3.1.16\nand SDK 3.1.116 in ASP.NET.\n\nImpact\n======\n\nA remote attacker could crash an ASP.NET application.\n\nReferences\n==========\n\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957\nhttps://github.com/dotnet/announcements/issues/189\nhttps://security.archlinux.org/CVE-2021-31957", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-15T00:00:00", "type": "archlinux", "title": "[ASA-202106-37] aspnet-runtime: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-15T00:00:00", "id": "ASA-202106-37", "href": "https://security.archlinux.org/ASA-202106-37", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:55", "description": "[5.0.204-1.0.1]\n- Add support for new Oracle release\n[5.0.204-1]\n- Update to .NET SDK 5.0.204 and Runtime 5.0.7\n- Resolves: RHBZ#1966166", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-10T00:00:00", "type": "oraclelinux", "title": ".NET 5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-10T00:00:00", "id": "ELSA-2021-2353", "href": "http://linux.oracle.com/errata/ELSA-2021-2353.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:25:12", "description": "[3.1.116-1.0.1]\n- Update patch to support 8.3 (alexander.burmashev@oracle.com)\n- support OL release scheme (alexander.burmashev@oracle.com)\n[3.1.116-1]\n- Update to .NET SDK 3.1.116 and Runtime 3.1.16\n- Resolves: RHBZ#1965505\n[3.1.115-1]\n- Update to .NET SDK 3.1.115 and Runtime 3.1.15\n- Resolves: RHBZ#1954333", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-11T00:00:00", "type": "oraclelinux", "title": ".NET Core 3.1 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-11T00:00:00", "id": "ELSA-2021-2352", "href": "http://linux.oracle.com/errata/ELSA-2021-2352.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "altlinux": [{"lastseen": "2023-05-07T11:50:52", "description": "July 1, 2021 Vitaly Lipatov 3.1.16-alt1\n \n \n - ASP.NET Core 3.1.16\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-01T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package dotnet-aspnetcore-3.1 version 3.1.16-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-07-01T00:00:00", "id": "8751C6056ED7473C9C9086B590746805", "href": "https://packages.altlinux.org/en/p9/srpms/dotnet-aspnetcore-3.1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:50:41", "description": "July 1, 2021 Vitaly Lipatov 3.1.16-alt1\n \n \n - ASP.NET Core 3.1.16\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-01T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package dotnet-aspnetcore-3.1 version 3.1.16-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-07-01T00:00:00", "id": "3ADB8D1E592DB28A30A369E4066C88AC", "href": "https://packages.altlinux.org/en/p10/srpms/dotnet-aspnetcore-3.1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:52:43", "description": "July 1, 2021 Vitaly Lipatov 5.0.7-alt1\n \n \n - ASP.NET 5.0.7\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-01T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package dotnet-aspnetcore-5.0 version 5.0.7-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-07-01T00:00:00", "id": "5A61BB058329AB7F3DDD1DADDD016726", "href": "https://packages.altlinux.org/en/p9/srpms/dotnet-aspnetcore-5.0/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:54:24", "description": "June 30, 2021 Vitaly Lipatov 5.0.7-alt1\n \n \n - new version 5.0.7 (with rpmrb script)\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package dotnet-bootstrap-5.0 version 5.0.7-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204", "CVE-2021-31957"], "modified": "2021-06-30T00:00:00", "id": "551C54E499C0DD394544C6AAD788CCC1", "href": "https://packages.altlinux.org/en/p9/srpms/dotnet-bootstrap-5.0/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:54:52", "description": "June 30, 2021 Vitaly Lipatov 3.1.16-alt1\n \n \n - new version 3.1.16 (with rpmrb script)\n - .NET Core 3.1.16 and .NET Core SDK 3.1.410\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package dotnet-bootstrap-3.1 version 3.1.16-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204", "CVE-2021-31957"], "modified": "2021-06-30T00:00:00", "id": "6D6DC73488675F6D3E05017E1C3E90F5", "href": "https://packages.altlinux.org/en/p9/srpms/dotnet-bootstrap-3.1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:52:20", "description": "June 30, 2021 Vitaly Lipatov 3.1.16-alt1\n \n \n - new version 3.1.16 (with rpmrb script)\n - .NET Core 3.1.16 and .NET Core SDK 3.1.410\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.16-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204", "CVE-2021-31957"], "modified": "2021-06-30T00:00:00", "id": "97248F752AEF925BD9D225D99FD71A8A", "href": "https://packages.altlinux.org/en/p10/srpms/dotnet-bootstrap-3.1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:51:08", "description": "June 30, 2021 Vitaly Lipatov 5.0.7-alt1\n \n \n - new version 5.0.7 (with rpmrb script)\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package dotnet-bootstrap-5.0 version 5.0.7-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204", "CVE-2021-31957"], "modified": "2021-06-30T00:00:00", "id": "0A8B4F7539A685F6CFE70F6AD2395477", "href": "https://packages.altlinux.org/en/p10/srpms/dotnet-bootstrap-5.0/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "almalinux": [{"lastseen": "2021-08-11T15:48:33", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.204 and .NET Runtime 5.0.7.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-08T23:29:30", "type": "almalinux", "title": "Important: .NET 5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2021:2353", "href": "https://errata.almalinux.org/8/ALSA-2021-2353.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-11T15:48:33", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.116 and .NET Runtime 3.1.16.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-08T23:28:24", "type": "almalinux", "title": "Important: .NET Core 3.1 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2021:2352", "href": "https://errata.almalinux.org/8/ALSA-2021-2352.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2023-08-16T15:29:43", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.204 and .NET Runtime 5.0.7.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-08T23:27:09", "type": "redhat", "title": "(RHSA-2021:2351) Important: .NET 5.0 on RHEL 7 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-09T01:30:25", "id": "RHSA-2021:2351", "href": "https://access.redhat.com/errata/RHSA-2021:2351", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.116 and .NET Runtime 3.1.16.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-08T23:24:03", "type": "redhat", "title": "(RHSA-2021:2350) Important: .NET Core 3.1 on RHEL 7 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-09T00:38:08", "id": "RHSA-2021:2350", "href": "https://access.redhat.com/errata/RHSA-2021:2350", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.204 and .NET Runtime 5.0.7.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-08T23:29:30", "type": "redhat", "title": "(RHSA-2021:2353) Important: .NET 5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-09T00:38:29", "id": "RHSA-2021:2353", "href": "https://access.redhat.com/errata/RHSA-2021:2353", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.116 and .NET Runtime 3.1.16.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-08T23:28:24", "type": "redhat", "title": "(RHSA-2021:2352) Important: .NET Core 3.1 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-09T00:02:21", "id": "RHSA-2021:2352", "href": "https://access.redhat.com/errata/RHSA-2021:2352", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-08-16T04:55:09", "description": "ASP.NET Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-08T23:15:00", "type": "prion", "title": "CVE-2021-31957", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2023-08-01T23:15:00", "id": "PRION:CVE-2021-31957", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-31957", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2023-08-06T20:09:34", "description": ".NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-16T01:04:15", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: dotnet5.0-5.0.204-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-16T01:04:15", "id": "FEDORA:DCFB730ABB3D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-06T20:09:34", "description": ".NET Core is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET Core contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-16T01:04:18", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: dotnet3.1-3.1.116-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-16T01:04:18", "id": "FEDORA:1FF73306AB62", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-06T20:09:34", "description": ".NET Core is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET Core contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-16T01:08:06", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: dotnet3.1-3.1.116-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-16T01:08:06", "id": "FEDORA:4C54630AF047", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-06T20:09:34", "description": ".NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-16T01:08:05", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: dotnet5.0-5.0.204-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-16T01:08:05", "id": "FEDORA:1AC3930B07A1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "rocky": [{"lastseen": "2022-03-02T15:15:06", "description": "An update for .NET 5.0 is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.204 and .NET Runtime 5.0.7.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-07-22T03:24:33", "type": "rocky", "title": ".NET 5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-07-22T03:24:33", "id": "RLSA-2021:2353", "href": "https://errata.rockylinux.org/RLSA-2021:2353", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-02T15:15:06", "description": "An update for .NET Core 3.1 is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.116 and .NET Runtime 3.1.16.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-07-22T03:27:08", "type": "rocky", "title": ".NET Core 3.1 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-07-22T03:27:08", "id": "RLSA-2021:2352", "href": "https://errata.rockylinux.org/RLSA-2021:2352", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2023-08-06T19:34:18", "description": "# Withdrawn\n\nThis advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory.\n\nThe underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.\n\n# Description.\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\n\n\n### Patches\n\n* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n\n* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n\n\n#### Other Details\n\n- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188\n- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369\n- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-06T00:23:01", "type": "github", "title": "ASP.NET Core Denial of Service Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2023-02-01T05:06:08", "id": "GHSA-MCWM-2WMC-6HV4", "href": "https://github.com/advisories/GHSA-mcwm-2wmc-6hv4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-08-07T00:28:33", "description": "A flaw was found in dotnet. The way client disconnects are handled can allow a remote, unauthenticated attacker to exploit this vulnerability to cause a denial of service against an ASP.NET Core application. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-08T17:44:33", "type": "redhatcve", "title": "CVE-2021-31957", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2023-04-06T09:04:51", "id": "RH:CVE-2021-31957", "href": "https://access.redhat.com/security/cve/cve-2021-31957", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mscve": [{"lastseen": "2023-08-06T22:08:05", "description": "ASP.NET Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-08T07:00:00", "type": "mscve", "title": "ASP.NET Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31957"], "modified": "2021-06-08T07:00:00", "id": "MS:CVE-2021-31957", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2023-08-06T23:21:43", "description": "### *Detect date*:\n06/08/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges.\n\n### *Affected products*:\nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) \nVisual Studio Code - Kubernetes Tools \nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) \n.NET 5.0 \n.NET Core 3.1 \nMicrosoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9) \nMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6) \nVisual Studio 2019 for Mac version 8.10\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-31957](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31957>) \n[CVE-2021-31938](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31938>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>)\n\n### *CVE-IDS*:\n[CVE-2021-31957](<https://vulners.com/cve/CVE-2021-31957>)5.0Critical \n[CVE-2021-31938](<https://vulners.com/cve/CVE-2021-31938>)6.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "type": "kaspersky", "title": "KLA12200 Multiple vulnerabilities in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31938", "CVE-2021-31957"], "modified": "2021-06-22T00:00:00", "id": "KLA12200", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12200/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2021-06-15T09:07:00", "description": "\n\nIt is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation ([CVE-2021-31955](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955>), [CVE-2021-31956](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956>), [CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), [CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>), [CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>), and [CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>)). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on [CVE-2021-31962](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31962>) if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.\n\n## Windows MSHTML Platform Remote Code Execution Vulnerability ([CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>))\n\nThis is the only 0-day vulnerability this month which results in a remote code execution. The vulnerability lies within the MSHTML platform which is used by Internet Explorer 11 and Edge Legacy. While these two products are no longer fully supported (Edge Legacy is end of life and IE 11 is no longer supported on certain platforms) the underlying HTML libraries continue to be updated as other applications can make use of it. Further details for this vulnerability will be published by Google's Threat Analysis Group within the next 30 days.\n\n## Kerberos AppContainer Security Feature Bypass Vulnerability ([CVE-2021-31962](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31962>))\n\nWhile this vulnerability has not been exploited in the wild yet, it would be a rather juicy target for exploit developers. Were this to be exploited it may allow a complete bypass of Kerberos authentication, allowing a connection without a password. Kerberos is generally used in Enterprise environments and as such sysadmins should patch this if they are leveraging the strong cryptography authentication mechanism.\n\n## Multiple Elevation of Privilege 0-days \n\n### [CVE-2021-31955](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955>), [CVE-2021-31956](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956>), [CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), [CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>), and [CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>)\n\n \nThe rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Apps Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31945](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31945>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31946](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31946>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31983](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31980](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31980>) | Microsoft Intune Management Extension Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-31942](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31942>) | 3D Viewer Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31943](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31943>) | 3D Viewer Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31944](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31944>) | 3D Viewer Information Disclosure Vulnerability | No | No | 5 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-33741](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33741>) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.2 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31938>) | Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n[CVE-2021-31957](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 5.9 | No \n \n## ESU Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31968>) | Windows Remote Desktop Services Denial of Service Vulnerability | No | Yes | 7.5 | No \n[CVE-2021-1675](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31958](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958>) | Windows NTLM Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) | Windows NTFS Elevation of Privilege Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) | Windows MSHTML Platform Remote Code Execution Vulnerability | Yes | No | 7.5 | Yes \n[CVE-2021-31971](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31971>) | Windows HTML Platform Security Feature Bypass Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-31973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31973>) | Windows GPSVC Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31953](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31953>) | Windows Filter Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26414](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414>) | Windows DCOM Server Security Feature Bypass | No | No | 4.8 | Yes \n[CVE-2021-31954](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31959>) | Scripting Engine Memory Corruption Vulnerability | No | No | 6.4 | Yes \n[CVE-2021-31199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Yes | No | 5.2 | Yes \n[CVE-2021-31201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Yes | No | 5.2 | Yes \n[CVE-2021-31962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31962>) | Kerberos AppContainer Security Feature Bypass Vulnerability | No | No | 9.4 | Yes \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31948](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31966](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 | No \n[CVE-2021-31963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.1 | No \n[CVE-2021-26420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.1 | No \n[CVE-2021-31965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-31949](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31949>) | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 6.7 | Yes \n[CVE-2021-31940](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31940>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31941](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31941>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31939](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## System Center Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31985](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31985>) | Microsoft Defender Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31978](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31978>) | Microsoft Defender Denial of Service Vulnerability | No | No | 5.5 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31970](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31970>) | Windows TCP/IP Driver Security Feature Bypass Vulnerability | No | No | 5.5 | No \n[CVE-2021-31952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31952>) | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) | Windows Kernel Information Disclosure Vulnerability | Yes | No | 5.5 | Yes \n[CVE-2021-31951](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31951>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31977](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977>) | Windows Hyper-V Denial of Service Vulnerability | No | No | 8.6 | Yes \n[CVE-2021-31969](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31969>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31960>) | Windows Bind Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31967>) | VP9 Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31975>) | Server for NFS Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31976](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31976>) | Server for NFS Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31974](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31974>) | Server for NFS Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-33739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Yes | Yes | 8.4 | Yes \n[CVE-2021-31972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31972>) | Event Tracing for Windows Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n## Summary Graphs\n\n", "cvss3": {}, "published": "2021-06-08T10:00:00", "type": "rapid7blog", "title": "Patch Tuesday - June 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1675", "CVE-2021-26414", "CVE-2021-26420", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31938", "CVE-2021-31939", "CVE-2021-31940", "CVE-2021-31941", "CVE-2021-31942", "CVE-2021-31943", "CVE-2021-31944", "CVE-2021-31945", "CVE-2021-31946", "CVE-2021-31948", "CVE-2021-31949", "CVE-2021-31950", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31957", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31960", "CVE-2021-31962", "CVE-2021-31963", "CVE-2021-31964", "CVE-2021-31965", "CVE-2021-31966", "CVE-2021-31967", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-31978", "CVE-2021-31980", "CVE-2021-31983", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33741", "CVE-2021-33742"], "modified": "2021-06-08T10:00:00", "id": "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C", "href": "https://blog.rapid7.com/2021/06/08/patch-tuesday-june-2021/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2021-06-15T08:32:22", "description": "### Microsoft Patch Tuesday \u2013 June 2021\n\nMicrosoft patched 50 CVEs in their June 2021 Patch Tuesday release, and five of them are rated as critical severity. Six have applicable exploits.\n\n#### Critical Microsoft Vulnerabilities Patched\n\n[CVE-2021-31985](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31985>) \u2013 Microsoft Defender Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor.\n\n[CVE-2021-31959](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31959>) \u2013 Scripting Engine Memory Corruption Vulnerability\n\nMicrosoft released patches addressing a critical memory corruption vulnerability in the Chakra JScript scripting engine. This vulnerability impacts Windows RT, Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, Windows Server 2012 (R2) and Windows Server 2016. An adversary can exploit this vulnerability when the target user opens a specially crafted file.\n\n[CVE-2021-31963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31963>) \u2013 Microsoft SharePoint Server Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE in SharePoint Server. This CVE is assigned a CVSSv3 base score of 7.1 by the vendor.\n\n#### Six 0-Day Vulnerabilities with Exploits in the Wild Patched\n\nThe following vulnerabilities need immediate attention for patching since they have active exploits in the wild:\n\n[CVE-2021-33742](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33742>) \u2013 Windows MSHTML Platform Remote Code Execution Vulnerability \n[CVE-2021-33739](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33739>) \u2013 Microsoft DWM Core Library Elevation of Privilege Vulnerability \n[CVE-2021-31956](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31956>) \u2013 Windows NTFS Elevation of Privilege Vulnerability \n[CVE-2021-31955](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31955>) \u2013 Windows Kernel Information Disclosure Vulnerability \n[CVE-2021-31201](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31201>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability \n[CVE-2021-31199](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31199>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n\n#### **Qualys QIDs Providing Coverage**\n\nQID| Title| Severity| CVE ID \n---|---|---|--- \n91768| Microsoft .NET Core Security Update June 2021| Medium| CVE-2021-31957 \n91769| Microsoft Visual Studio Security Update for June 2021| Medium| CVE-2021-31957 \n375614| Visual Studio Code Kubernetes Tools Extension Elevation of Privilege Vulnerability| Medium| CVE-2021-31938 \n110383| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities June 2021| High| CVE-2021-31966,CVE-2021-31965,CVE-2021-31964,CVE-2021-31963,CVE-2021-31950,CVE-2021-31948,CVE-2021-26420 \n110384| Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021| High| CVE-2021-31939,CVE-2021-31941,CVE-2021-31940,CVE-2021-31949 \n110385| Mcrosoft Outlook Remote Code Execution Vulnerability Security Update June 2021| High| CVE-2021-31949,CVE-2021-31941 \n91771| Microsoft Defender Multiple Vulnerabilities - June 2021| Critical| CVE-2021-31978,CVE-2021-31985 \n91772| Microsoft Windows Security Update for June 2021| Critical| CVE-2021-1675,CVE-2021-26414,CVE-2021-31199,CVE-2021-31201,CVE-2021-31951,CVE-2021-31952,CVE-2021-31953,CVE-2021-31954,CVE-2021-31955,CVE-2021-31956,CVE-2021-31958,CVE-2021-31959,CVE-2021-31960,CVE-2021-31962,CVE-2021-31968,CVE-2021-31969,CVE-2021-31970,CVE-2021-31971,CVE-2021-31972,CVE-2021-31973,CVE-2021-31974,CVE-2021-31975,CVE-2021-31976,CVE-2021-31977,CVE-2021-33742 \n91773| Microsoft 3D Viewer Multiple Vulnerabilities - June 2021| High| CVE-2021-31944,CVE-2021-31943,CVE-2021-31942 \n91774| Microsoft Paint 3D Remote Code Execution Vulnerability| High| CVE-2021-31983,CVE-2021-31946,CVE-2021-31945 \n91775| Microsoft Windows VP9 Video Extension Remote Code Execution Vulnerability| Medium| CVE-2021-31967 \n91777| Microsoft Windows DWM Core Library Elevation of Privilege Vulnerability - June 2021 | High| CVE-2021-33739 \n \n### Adobe Patch Tuesday \u2013 June 2021\n\nAdobe addressed 41 CVEs this Patch Tuesday, and 21 of them are rated as critical severity impacting Acrobat and Reader, Adobe Photoshop, Creative Cloud Desktop Application, RoboHelp Server, Adobe After Effects, and Adobe Animate products.\n\nAdobe Security Bulletin| QID| Severity| CVE ID \n---|---|---|--- \nAdobe Animate Multiple Security Vulnerabilities (APSB21-50)| 91770| Medium| CVE-2021-28630,CVE-2021-28619,CVE-2021-28617,CVE-2021-28618,CVE-2021-28621,CVE-2021-28620,CVE-2021-28629,CVE-2021-28622 \nAdobe Security Update for Adobe Acrobat and Reader( APSB21-37)| 375611| High| CVE-2021-28551,CVE-2021-28554,CVE-2021-28552,CVE-2021-28631,CVE-2021-28632 \n \n### Discover Patch Tuesday Vulnerabilities in VMDR\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`91768` OR qid:`91769` OR qid:`91770` OR qid:`91771` OR qid:`91772` OR qid:`91773` OR qid:`91774` OR qid:`91775` OR qid:`91777` OR qid:`110383` OR qid:`110384` OR qid:`110385` OR qid:`375611` OR qid:`375614`)`\n\n\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`(qid:`91768` OR qid:`91769` OR qid:`91770` OR qid:`91771` OR qid:`91772` OR qid:`91773` OR qid:`91774` OR qid:`91775` OR qid:`91777` OR qid:`110383` OR qid:`110384` OR qid:`110385` OR qid:`375611` OR qid:`375614`)`\n\n\n\n### Patch Tuesday Dashboard\n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://qualys-secure.force.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Patches_](<https://www.brighttalk.com/webcast/11673/491681>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * VMware vCenter Server Multiple Vulnerabilities\n * Ubuntu XStream Vulnerabilities\n * Microsoft Patch Tuesday, June 2021\n\n[Join us live or watch on demand](<https://www.brighttalk.com/webcast/11673/491681>)!\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {}, "published": "2021-06-08T21:19:29", "type": "qualysblog", "title": "Microsoft & Adobe Patch Tuesday (June 2021) \u2013 Microsoft 50 Vulnerabilities with 5 Critical, Adobe 21 Critical Vulnerabilities", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-1675", "CVE-2021-26414", "CVE-2021-26420", "CVE-2021-28551", "CVE-2021-28552", "CVE-2021-28554", "CVE-2021-28617", "CVE-2021-28618", "CVE-2021-28619", "CVE-2021-28620", "CVE-2021-28621", "CVE-2021-28622", "CVE-2021-28629", "CVE-2021-28630", "CVE-2021-28631", "CVE-2021-28632", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31938", "CVE-2021-31939", "CVE-2021-31940", "CVE-2021-31941", "CVE-2021-31942", "CVE-2021-31943", "CVE-2021-31944", "CVE-2021-31945", "CVE-2021-31946", "CVE-2021-31948", "CVE-2021-31949", "CVE-2021-31950", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31957", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31960", "CVE-2021-31962", "CVE-2021-31963", "CVE-2021-31964", "CVE-2021-31965", "CVE-2021-31966", "CVE-2021-31967", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-31978", "CVE-2021-31983", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-08T21:19:29", "id": "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}