CVE-2019-0545

CWE-200 — Information Exposure7 documents7 sources

Severity

7.5HIGH

EPSS

9.7%

top 7.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net Core Microsoft Microsoft .net Framework Microsoft .net Framework

Timeline

PublishedJan 8

Latest updateMay 14

Description

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NE…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDmicrosoft/.net_framework11 versions+10

▶CVEListV5microsoft/microsoft_.net_framework83 versions+82

▶NuGetMicrosoft.NETCore.App2.1.0 — 2.1.7+1

▶CVEListV5microsoft/.net_core2.1, 2.2+1

▶NVDmicrosoft/.net_core2.1, 2.2+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

Exposure of Sensitive Information in System.Net.Http↗2022-05-14

▶

GHSA

Exposure of Sensitive Information in System.Net.Http↗2022-05-14

▶

CVEList

CVE-2019-0545: An information disclosure vulnerability exists in↗2019-01-08

▶

📋Vendor Advisories

Red Hat

Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure↗2019-01-08

▶

Microsoft

.NET Framework Information Disclosure Vulnerability↗2019-01-08

▶

💬Community

Bugzilla

CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure↗2018-12-18

▶