Lucene search
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS20_AUG_VISUAL_STUDIO.NASLHistoryAug 11, 2020 - 12:00 a.m.
Security Updates for Microsoft Visual Studio Products (August 2020)
2020-08-1100:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by a denial-of-service vulnerability:
- A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. (CVE-2020-1597)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include('compat.inc');
if (description)
{
script_id(139506);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id("CVE-2020-1597");
script_xref(name:"IAVA", value:"2020-A-0377-S");
script_xref(name:"CEA-ID", value:"CEA-2020-0101");
script_name(english:"Security Updates for Microsoft Visual Studio Products (August 2020)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft Visual Studio Products are affected by a denial-of-service vulnerability.");
script_set_attribute(attribute:"description", value:
"The Microsoft Visual Studio Products are missing security
updates. It is, therefore, affected by a denial-of-service
vulnerability:
- A denial of service vulnerability exists when ASP.NET
Core improperly handles web requests. An attacker who
successfully exploited this vulnerability could cause a
denial of service against an ASP.NET Core web
application. The vulnerability can be exploited
remotely, without authentication. A remote
unauthenticated attacker could exploit this
vulnerability by issuing specially crafted requests to
the ASP.NET Core application. The update addresses the
vulnerability by correcting how the ASP.NET Core web
application handles web requests. (CVE-2020-1597)");
script_set_attribute(attribute:"solution", value:
"Microsoft has released 15.9.26, 16.0.17, 16.4.12, and 16.7.1 to address this issue.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1597");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/11");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_studio");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ms_bulletin_checks_possible.nasl", "microsoft_visual_studio_installed.nbin");
script_require_keys("SMB/MS_Bulletin_Checks/Possible", "installed_sw/Microsoft Visual Studio");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('misc_func.inc');
include('install_func.inc');
include('smb_func.inc');
include('smb_hotfixes.inc');
get_kb_item_or_exit('installed_sw/Microsoft Visual Studio');
port = get_kb_item("SMB/transport");
appname = 'Microsoft Visual Studio';
installs = get_installs(app_name:appname, exit_if_not_found:TRUE);
report = '';
foreach install (installs[1])
{
version = install['version'];
path = install['path'];
prod = install['product_version'];
fix = '';
# https://docs.microsoft.com/en-us/visualstudio/releases/2019/history
# VS 2017 (15.9)
if (prod == '2017' && version =~ '^15\\.[1-9]\\.')
{
fix = '15.9.28307.1234';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
}
}
# VS 2019 Version 16.0
else if (prod == '2019' && version =~ '^16\\.0\\.')
{
fix = '16.0.28803.806';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
}
}
# VS 2019 Version 16.4
else if (prod == '2019' && version =~ '^16\\.[1-4]\\.')
{
fix = '16.4.30406.169';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
}
}
# VS 2019 Version 16.7
else if (prod == '2019' && version =~ '^16\\.[5-7]\\.')
{
fix = '16.7.30406.217';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
}
}
}
if (empty(report))
audit(AUDIT_INST_VER_NOT_VULN, appname);
security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | visual_studio | cpe:/a:microsoft:visual_studio |
Related
oraclelinux
oraclelinux
.NET Core 3.1 security and bugfix update
2020-08-16 00:00:00
mscve
mscve
ASP.NET Core Denial of Service Vulnerability
2020-08-11 07:00:00
cve
cve
CVE-2020-1597
2020-08-17 19:15:00
nessus
nessus
CentOS 8 : .NET Core 3.1 (CESA-2020:3422)
2021-02-01 00:00:00
Security Update for Microsoft ASP.NET Core (DoS) (August 2020)
2020-08-11 00:00:00
RHEL 8 : .NET Core 3.1 (RHSA-2020:3422)
2020-08-11 00:00:00
openvas
openvas
Fedora: Security Advisory for dotnet-build-reference-packages (FEDORA-2020-cad5d17c6d)
2020-09-13 00:00:00
Fedora: Security Advisory for dotnet3.1 (FEDORA-2020-cad5d17c6d)
2020-09-13 00:00:00
Fedora: Security Advisory for dotnet3.1 (FEDORA-2020-9ddf1aa50b)
2020-09-26 00:00:00
redhatcve
redhatcve
CVE-2020-1597
2020-08-11 17:43:41
fedora
fedora
[SECURITY] Fedora 33 Update: dotnet3.1-3.1.107-1.fc33
2020-09-25 17:18:08
veracode
veracode
Denial Of Service (DoS)
2020-08-12 02:11:56
osv
osv
ASP.NET Core Denial of Service Vulnerability
2022-05-24 17:26:01
BIT-aspnet-core-2020-1597
2024-03-06 10:53:47
CVE-2020-1597
2020-08-17 19:15:21
redhat
redhat
cvelist
cvelist
ASP.NET Core Denial of Service Vulnerability
2020-08-17 19:13:53
github
github
ASP.NET Core Denial of Service Vulnerability
2022-05-24 17:26:01
prion
prion
Authentication flaw
2020-08-17 19:15:00
altlinux
altlinux
kaspersky
kaspersky
KLA11934 Multiple vulnerabilities in Microsoft Developer Tools
2020-08-11 00:00:00
avleonov
avleonov
Related for SMB_NT_MS20_AUG_VISUAL_STUDIO.NASL