Endpoint Vulnerability

Microsoft: .NET Framework Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.

Affected Products

Microsoft .NET Framework 4.5.2 on Windows RT 8.1,Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1,Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation),Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation),.NET Core 2.1,.NET Core 2.2,Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation),Windows Server 2016,Microsoft .NET Framework 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation),Windows Server 2012

References

CVE-2019-0545,