Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Microsoft .NET Framework Multiple DoS Vulnerabilities (KB4495611)

🗓️ 15 May 2019 00:00:00Reported by Copyright (C) 2019 Greenbone Networks GmbHType 
openvas
 openvas🔗 plugins.openvas.org👁 57 Views

Microsoft .NET Framework Multiple DoS Vulnerabilitie

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Microsoft KB		May 14, 2019 — KB4495611 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703
14 May 201907:00
–mskb
Microsoft KB		May 14, 2019—KB4499405 Cumulative Update for .NET Framework 3.5, 4.7.2, and 4.8 for Windows 10, version 1809 and Windows Server 2019
14 May 201907:00
–mskb
Microsoft KB		May 14, 2019—KB4495610 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016
14 May 201907:00
–mskb
Microsoft KB		May 14, 2019—KB4495620 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1903
14 May 201907:00
–mskb
Microsoft KB		Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB4499408)
14 May 201907:00
–mskb
Microsoft KB		May 14, 2019—KB4495613 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709
14 May 201907:00
–mskb
Microsoft KB		May 14, 2019—KB4495616 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803
14 May 201907:00
–mskb
Microsoft KB		Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4499407)
14 May 201907:00
–mskb
Microsoft KB		Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4498961)
14 May 201907:00
–mskb
Microsoft KB		Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4498962)
14 May 201907:00
–mskb
Rows per page
# Copyright (C) 2019 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.815113");
  script_version("2023-10-27T16:11:32+0000");
  script_cve_id("CVE-2019-0864", "CVE-2019-0820", "CVE-2019-0980", "CVE-2019-0981");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"2023-10-27 16:11:32 +0000 (Fri, 27 Oct 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-05-22 13:29:00 +0000 (Wed, 22 May 2019)");
  script_tag(name:"creation_date", value:"2019-05-15 11:57:50 +0530 (Wed, 15 May 2019)");
  script_name("Microsoft .NET Framework Multiple DoS Vulnerabilities (KB4495611)");

  script_tag(name:"summary", value:"This host is missing an important security
  update according to Microsoft KB4495611");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - Multiple errors when .NET Framework or .NET Core improperly handle web requests.

  - An error when .NET Framework improperly handles objects in heap memory.

  - An error when .NET Framework and .NET Core improperly process RegEx strings.");

  script_tag(name:"impact", value:"Successful exploitation will allow an attacker
  to cause a denial of service condition.");

  script_tag(name:"affected", value:"Microsoft .NET Framework 4.8 on Microsoft Windows 10 version 1703.");

  script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://support.microsoft.com/en-us/help/4495611");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/108241");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/108245");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/108232");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/108207");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("smb_reg_service_pack.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");
  exit(0);
}

include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");


if(hotfix_check_sp(win10:1, win10x64:1) <= 0){
  exit(0);
}
sysPath = smb_get_system32root();
if(!sysPath ){
  exit(0);
}

edgeVer = fetch_file_version(sysPath:sysPath, file_name:"edgehtml.dll");
if(!edgeVer){
  exit(0);
}

if(edgeVer =~ "^11\.0\.15063")
{
  if(!registry_key_exists(key:"SOFTWARE\Microsoft\.NETFramework")){
    if(!registry_key_exists(key:"SOFTWARE\Microsoft\ASP.NET")){
      if(!registry_key_exists(key:"SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\")){
        exit(0);
      }
    }
  }

  key_list = make_list("SOFTWARE\Microsoft\.NETFramework\", "SOFTWARE\Microsoft\ASP.NET\", "SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\");

  foreach key(key_list)
  {
    if(".NETFramework" >< key)
    {
      foreach item (registry_enum_keys(key:key))
      {
        NetPath = registry_get_sz(key:key + item, item:"InstallRoot");
        if(NetPath && "\Microsoft.NET\Framework" >< NetPath)
        {
          foreach item (registry_enum_keys(key:key))
          {
            dotPath = NetPath + item;
            dllVer = fetch_file_version(sysPath:dotPath, file_name:"system.dll");
            if(dllVer)
            {
              ## https://support.microsoft.com/en-us/help/4495611
              if(version_in_range(version:dllVer, test_version:"4.8", test_version2:"4.8.3800"))
              {
                vulnerable_range = "4.8 - 4.8.3800" ;
                break;
              }
            }
          }
        }
      }
    }

    if((!vulnerable_range) && "ASP.NET" >< key)
    {
      foreach item (registry_enum_keys(key:key))
      {
        dotPath = registry_get_sz(key:key + item, item:"Path");
        if(dotPath && "\Microsoft.NET\Framework" >< dotPath)
        {
          dllVer = fetch_file_version(sysPath:dotPath, file_name:"system.dll");
          if(dllVer)
          {
            ## https://support.microsoft.com/en-us/help/4495611
            if(version_in_range(version:dllVer, test_version:"4.8", test_version2:"4.8.3800"))
            {
              vulnerable_range = "4.8 - 4.8.3800" ;
              break;
            }
          }
        }
      }
    }

    ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)
    if((!vulnerable_range) && "NET Framework Setup" >< key)
    {
      dotPath = registry_get_sz(key:key, item:"InstallPath");
      if(dotPath && "\Microsoft.NET\Framework" >< dotPath)
      {
        dllVer = fetch_file_version(sysPath:dotPath, file_name:"system.dll");
        if(dllVer)
        {
          ## https://support.microsoft.com/en-us/help/4495611
          if(version_in_range(version:dllVer, test_version:"4.8", test_version2:"4.8.3800")){
            vulnerable_range = "4.8 - 4.8.3800" ;
          }
        }
      }
    }

    if(vulnerable_range)
    {
      report = report_fixed_ver(file_checked:dotPath + "system.dll",
                                file_version:dllVer, vulnerable_range:vulnerable_range);
      security_message(data:report);
      exit(0);
    }
  }
}
exit(99);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 May 2019 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS25
CVSS37.5
EPSS0.002
microsoft.net frameworkmultipledosvulnerabilitieskb44956112019greenbone networks gmbhcve-2019-0864cve-2019-0820cve-2019-0980cve-2019-0981security updateweb requestsheap memoryregex stringsdenial of service conditionwindows 10version 1703updatesvendorfixexecutable_version.
57
.json
Report