CVE-2019-0657

CWE-20 — Improper Input Validation7 documents7 sources

Severity

5.9MEDIUM

EPSS

8.0%

top 7.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net Core Microsoft Microsoft .net Framework 2.0 Microsoft Microsoft .net Framework 3.0 +15 more

Timeline

PublishedMar 5

Latest updateMay 14

Description

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages22 packages

▶NVDmicrosoft/visual_studio_201715.9

▶CVEListV5microsoft/microsoft_visual_studio2017

▶CVEListV5microsoft/microsoft_visual_studio_2017version 15.9

▶NVDmicrosoft/.net_framework11 versions+10

▶CVEListV5microsoft/microsoft_.net_framework_2.0Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

Improper Input Validation in .Net Framework API's↗2022-05-14

▶

OSV

Improper Input Validation in .Net Framework API's↗2022-05-14

▶

CVEList

CVE-2019-0657: A vulnerability exists in certain↗2019-03-06

▶

📋Vendor Advisories

Red Hat

dotnet: Domain-spoofing attack in System.Uri↗2019-02-12

▶

Microsoft

.NET Framework and Visual Studio Spoofing Vulnerability↗2019-02-12

▶

💬Community

Bugzilla

CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri↗2019-02-08

▶

External resources

NVD MITRE

Affected products18

Microsoft .net Corev1v2.1v2.2+1 more

Microsoft .net Frameworkv2.0v3.0v3.5+8 more

Microsoft Microsoft .net Framework 2.0vService Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2

Microsoft Microsoft .net Framework 3.0vService Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2vService Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2vService Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Microsoft Microsoft .net Framework 3.5vWindows 10 Version 1607 for 32-bit SystemsvWindows 10 Version 1607 for x64-based SystemsvWindows 10 Version 1703 for 32-bit Systems+22 more

Microsoft Microsoft .net Framework 3.5.1vWindows 7 for 32-bit Systems Service Pack 1vWindows 7 for x64-based Systems Service Pack 1vWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1+2 more

Microsoft Microsoft .net Framework 4.5.2vWindows 7 for 32-bit Systems Service Pack 1vWindows 7 for x64-based Systems Service Pack 1vWindows 8.1 for 32-bit systems+10 more

Microsoft Microsoft .net Framework 4.6vWindows Server 2008 for 32-bit Systems Service Pack 2vWindows Server 2008 for x64-based Systems Service Pack 2

Microsoft Microsoft .net Framework 4.6.2/4.7/4.7.1/4.7.2vWindows 10 Version 1607 for 32-bit SystemsvWindows 10 Version 1607 for x64-based SystemsvWindows Server 2016+1 more

Microsoft Microsoft .net Framework 4.6/4.6.1/4.6.2vWindows 10 for 32-bit SystemsvWindows 10 for x64-based Systems

Disclosure

PublishedMar 5, 2019

Latest updateMay 14, 2022