10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.111 Low
EPSS
Percentile
95.1%
A remote code execution vulnerability exists when Windows Azure Pack Web Sites does not check the length of a buffer before copying memory to it. To learn more about this vulnerability, go to CVE-2019-1372.This Update Rollup 13.1 for Windows Azure Pack Web Sites version 2 includes a security update that addresses this vulnerability.This update rollup replaces Update Rollup 13 for Windows Azure Pack Web Sites version 2 (the final feature update for Windows Azure Pack Web Sites V2), and also includes all the fixes that were included in Update Rollup 13.We recommend that you review the information in this article and also in Update Rollup 13 for Windows Azure Pack Web Sites version 2 before you apply this update.Note: Windows Azure Pack Web Sites V2 is now in Extended Support, as discussed at <https://aka.ms/wapwebsiteslifecycle>
This update fixes the following issues:
This update rollup is available for manual download and installation from the Microsoft Download Center.Download the Windows Azure Pack update package (Download Center)
File name | SHA1 hash | SHA256 hash |
---|---|---|
Websites.exe | 5D29DCA9FDF7B085A3876FA73D51A3A322636D1E | C2E89C562A41A170041C5F34E3E60C0C15AC6838ABBB19964E08450DA834D790 |
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.File name | File size | Version |
---|---|---|
Websites.exe | 4,354,048 bytes | 59.1.27.0 |
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.111 Low
EPSS
Percentile
95.1%