Vulnerability Name: CVE-2019-0545 (CCN-154898) Assigned: 2018-11-26 Published: 2019-01-08 Updated: 2022-05-23 Summary: An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2019-0545 106405 RHSA-2019:0040 ms-dotnet-cve20190545-info-disc(154898) Microsoft ASP.NET Information Disclosure Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 CVE-2019-0545 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1809:*:*:*:*:*:*:* Configuration 3 :cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* Configuration 4 :cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* Configuration 5 :cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* Configuration 6 :cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* Configuration 7 :cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1709:*:*:*:*:*:*:* Configuration 8 :cpe:/a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1803:*:*:*:*:*:*:* Configuration 9 :cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* Configuration 10 :cpe:/a:microsoft:.net_core:2.1:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_core:2.2:-:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_core:2.1:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_core:2.2:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_core:2.3:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x86:* OR cpe:/o:microsoft:windows_7::sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10:::~~~~x64~:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1803:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:arm64:* BACK
microsoft .net framework 2.0 sp2
microsoft .net framework 3.0 sp2
microsoft windows server 2008 - sp2
microsoft .net framework 3.5
microsoft windows server 2012 r2
microsoft windows server 2016 *
microsoft windows 10 1607
microsoft windows 8.1 *
microsoft windows server 2012 *
microsoft windows 10 1703
microsoft windows 10 -
microsoft windows 10 1709
microsoft windows 10 1803
microsoft windows server 2019 -
microsoft windows 10 1809
microsoft .net framework 3.5.1
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows 7 - sp1
microsoft .net framework 4.5.2
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 r2
microsoft windows 8.1 *
microsoft windows server 2008 - sp2
microsoft windows 7 - sp1
microsoft windows rt 8.1 -
microsoft windows server 2012 *
microsoft .net framework 4.6.2
microsoft .net framework 4.7
microsoft .net framework 4.7.1
microsoft .net framework 4.7.2
microsoft windows 10 1607
microsoft windows server 2016 -
microsoft .net framework 4.6.1
microsoft .net framework 4.6
microsoft .net framework 4.6.2
microsoft .net framework 4.7
microsoft .net framework 4.7.1
microsoft .net framework 4.7.2
microsoft windows server 2012 r2
microsoft windows 8.1 *
microsoft windows server 2008 r2 sp1
microsoft windows 7 - sp1
microsoft windows rt 8.1 -
microsoft windows server 2012 *
microsoft .net framework 4.7.1
microsoft .net framework 4.7.2
microsoft windows 10 1709
microsoft windows server 1709
microsoft .net framework 4.7.2
microsoft windows 10 1803
microsoft windows server 1803
microsoft .net framework 4.7
microsoft .net framework 4.7.1
microsoft .net framework 4.7.2
microsoft windows 10 1703
microsoft .net core 2.1
microsoft .net core 2.2
microsoft .net framework 2.0 sp2
microsoft .net framework 3.5
microsoft .net framework 3.5.1
microsoft .net framework 3.0 sp2
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft .net framework 4.6.2
microsoft .net framework 4.7.2
microsoft .net core 2.1
microsoft .net core 2.2
microsoft .net core 2.3
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft windows server 2012
microsoft windows 8.1 - -
microsoft windows 8.1
microsoft windows server 2012 r2
microsoft windows rt 8.1 -
microsoft windows 10 -
microsoft windows 10
microsoft windows server 2016
microsoft windows server 1709
microsoft windows server 1803
microsoft windows server 2019
microsoft windows 10 -
Denotes that component is vulnerable