CVE-2019-1083

Опубликовано: 09 июл. 2019

Источник: msrc

EPSS Средний

Описание

.NET Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET application.

The update addresses the vulnerability by correcting how the .NET web application handles web requests.

FAQ

There are two updates for .NET Framework 3.5 installed on Windows 10 version 1809 and Windows Server 2019. How do I know which update I need to install?

The security updates for Windows 10 version 1809 and Windows Server 2019 include both .NET Framework 3.5 and 4.7.2 or 4.8. Customers running these versions of Windows 10 need to determine if they are also running .NET Framework 4.7.2 or .NET Framework 4.8. Install the security update that includes that second version of .NET Framework.

Обновления

Продукт	Статья	Обновление
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems	4507419 4507419	Security Update Security Update
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems	4507419 4507419	Security Update Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems	4507419 4507419	Security Update Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems	4507419 4507419	Security Update Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)	4507419 4507419	Security Update Security Update
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)	4507419 4507419	Security Update Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019	4507419 4507419	Security Update Security Update
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019	4507419 4507419	Security Update Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems	4506991	Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)	4506991	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 93%

0.10562

Средний

Связанные уязвимости

CVE-2019-1083

CVSS3: 7.5

nvd

около 6 лет назад

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

GHSA-xx75-9737-wg24

CVSS3: 7.5

github

около 3 лет назад

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

BDU:2019-02657

CVSS3: 7.5

fstec

около 6 лет назад

Уязвимость библиотеки Microsoft Common Object Runtime Library программной платформы Microsoft .NET Framework, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%

0.10562

Средний