CVE-2019-1453
published 2019-12-10CVE-2019-1453: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
Affected
69 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | ibm_appscan_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | splunk_plugin | — | — |
| jenkins | strict_crumb_issuer_plugin | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
GHSA
GHSA-3w89-xp68-5ffh: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially
ghsa_unreviewed·2022-05-24
CVE-2019-1453 [MEDIUM] GHSA-3w89-xp68-5ffh: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
Microsoft
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
vendor_msrc·2019-12-10·CVSS 7.5
CVE-2019-1453 [HIGH] Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Description: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.
To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services.
The update addresses the vulnerability by correcting how RDP handles connection requests.
Microsoft Windows: Microsoft Windows
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Red Hat
jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
vendor_redhat·2019-08-28·CVSS 4.8
CVE-2019-10383 [MEDIUM] CWE-79 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
Package: jenkins (Red Hat OpenShift Container Platform 3.10) - Will not fix
Package: jenkins (Red Hat OpenShift Container Platform 3.9) - Will not fix
No detection rules found.
No public exploits indexed.
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits y vulnerabilidades
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, an
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits & Vulnerabilities
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro 2019/12/11 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and S
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQL Server. None of the fix
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Ausnutzung von Schwachstellen
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server,
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Sfruttamento vulnerabilità
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits & Vulnerabilities
# December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro
2019/12/11
Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday. Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQ
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
# December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro
Dec 11, 2019
Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday. Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQL Server. None of the fixe
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits & Vulnerabilities
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here .
## Critical vulnerabilities Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight b
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight below.
CVE-2019-1468 is a remote code execution vulnerability in the Windows font libr
Talos
Vulnerability Spotlight: Two vulnerabilities in RDP for Windows 7, XP
blogs_talos·2019-12-10·CVSS 7.5
[HIGH] Vulnerability Spotlight: Two vulnerabilities in RDP for Windows 7, XP
A Cisco Talos researcher discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered two issues in two implementations of Microsoft Remote Desktop Services: a denial-of-service vulnerability that affects Windows 7/Windows Server 2008 (when RDP 8.0 is enabled), Windows 8/Server 2012, and Windows 10/Server 2016. The Remote Desktop Protocol is used by Remote Desktop Services in order to allow a user or administrator to take control of a remote machine via a network connection. The denial-of-service vulnerability exists after the connection setup when one is able to perform the license exchange, and the information leak vulnerabilities exist during the connection setup of the process where the client and the server negotiate various aspects relevant to the session They
Bugzilla
CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
bugzilla·2019-08-30·CVSS 4.8
CVE-2019-10383 [MEDIUM] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
Reference:
http://www.openwall.com/lists/oss-security/2019/08/28/4
Discussion:
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1747294]
---
External References:
https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1453
---
"Any security advisory related updates to Jenkins core or the plugins we include in the OpenShift Jenkins master image will only occur in the v3.11 and v4.x branches of this repository."
http
Bugzilla
CVE-2019-7398 ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c
bugzilla·2019-02-05·CVSS 7.5
CVE-2019-7398 [HIGH] CVE-2019-7398 ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c
CVE-2019-7398 ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
References:
https://github.com/ImageMagick/ImageMagick/issues/1453
Discussion:
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1672590]
---
Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/9cf2f738f714eba6d47be1127ed255acd2b51750
---
ImageMagick6 commit:
https://github.com/ImageMagick/ImageMagick6/commit/dfa1e752bce7b6994765897fb6606d6069345442
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
---
This bug is now closed. Further updates for individual product
2019-12-10
Published