Описание
.NET Framework Information Disclosure Vulnerability
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations.
An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.
The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is search criteria.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| PowerShell Core 6.1 | ||
| .NET Core 2.1 | ||
| .NET Core 2.2 | ||
| PowerShell Core 6.2 | ||
| Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems | ||
| Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems | ||
| Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation) | ||
| Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems | ||
| Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems | ||
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
Exposure of Sensitive Information in System.Net.Http
Уязвимость программных платформ .NET Core и Microsoft .NET Framework, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить доступ к защищаемой информации
EPSS