Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-106890
HistoryFeb 12, 2019 - 12:00 a.m.

Microsoft .NET Framework and Visual Studio CVE-2019-0657 Spoofing Vulnerability

2019-02-1200:00:00
Symantec Security Response
www.symantec.com
40

0.004 Low

EPSS

Percentile

69.5%

JSON

Description

Microsoft .NET Framework and Visual Studio are prone to an security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible.

Technologies Affected

  • Microsoft .NET Core 1.0
  • Microsoft .NET Core 1.1
  • Microsoft .NET Core 2.1
  • Microsoft .NET Core 2.2
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 3.0
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4.5.2
  • Microsoft .NET Framework 4.6
  • Microsoft .NET Framework 4.6.1
  • Microsoft .NET Framework 4.6.2
  • Microsoft .NET Framework 4.7
  • Microsoft .NET Framework 4.7.1
  • Microsoft .NET Framework 4.7.2
  • Microsoft Visual Studio 2017 15.9
  • Microsoft Visual Studio 2017

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
Never follow links provided by unknown or untrusted sources.

Set web browser security to disable the execution of script code or active content.
Since a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.

Updates are available. Please see the references or vendor advisory for more information.

Related

prion 1
redhat 1
openvas 16
altlinux 7
mscve 1
veracode 1
redhatcve 1
nessus 14
github 1
cve 1
osv 2
mskb 15
kaspersky 1
talosblog 1
prion
prion
Spoofing
2019-03-05 23:29:00
redhat
redhat
(RHSA-2019:0349) Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019
2019-02-14 04:23:45
openvas
openvas
.NET Core SDK Spoofing Vulnerability (Feb 2019)
2019-02-14 00:00:00
.NET Core Domain Spoofing Vulnerability (Feb 2019)
2019-02-26 00:00:00
.NET Core Spoofing Vulnerability (Feb 2019)
2019-02-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package dotnet-bootstrap-5.0 version 2.1.9-alt1
2019-03-13 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 2.1.9-alt1
2019-03-13 00:00:00
Security fix for the ALT Linux 8 package dotnet-bootstrap version 2.1.9-alt1
2019-05-16 00:00:00
mscve
mscve
.NET Framework and Visual Studio Spoofing Vulnerability
2019-02-12 08:00:00
veracode
veracode
Authorization Bypass
2019-02-14 06:01:10
redhatcve
redhatcve
CVE-2019-0657
2019-02-13 13:19:35
nessus
nessus
Security Update for .NET Core (February 2019)
2019-02-13 00:00:00
RHEL 7 : dotNET (RHSA-2019:0349)
2019-02-20 00:00:00
Security Updates for Microsoft Visual Studio Products (February 2019)
2019-02-12 00:00:00
github
github
Improper Input Validation in .Net Framework API's
2022-05-14 01:28:01
cve
cve
CVE-2019-0657
2019-03-05 23:29:00
osv
osv
CVE-2019-0657
2019-03-05 23:29:02
Improper Input Validation in .Net Framework API's
2022-05-14 01:28:01
mskb
mskb
Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4483450)
2019-02-12 08:00:00
Security and Quality Rollup updates for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 for Windows Server 2008 SP2 (KB 4487081)
2019-02-12 08:00:00
February 12, 2019—KB4483452 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019
2019-02-12 08:00:00
kaspersky
kaspersky
KLA11419 Multiple vulnerabilities in Microsoft Developer Tools
2019-02-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage
2019-02-12 11:55:00

0.004 Low

EPSS

Percentile

69.5%

JSON
Related for SMNTC-106890
prion1redhat1openvas16altlinux7mscve1veracode1redhatcve1nessus14github1cve1osv2mskb15kaspersky1talosblog1