Vulnerabilities > CVE-2019-0982 - Data Processing Errors vulnerability in Microsoft Asp.Net Core 2.1/2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- XML Nested Payloads Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
- XML Oversized Payloads Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
- XML Client-Side Attack Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
- XML Parser Attack Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Nessus
NASL family Windows NASL id SMB_NT_MS19_MAY_ASPDOTNET_CORE.NASL description The Microsoft ASP.NET Core installation on the remote host is version 2.1.x < 2.1.11, 2.2.x < 2.2.5. It is, therefore, affected by a denial of service (DoS) vulnerability when ASP.NET Core improperly handles web requests. An unauthenticated, remote attacker could exploit this issue, via sending a specially crafted requests to the .NET Core application, to cause the application to stop responding. last seen 2020-06-01 modified 2020-06-02 plugin id 125164 published 2019-05-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125164 title Security Update for Microsoft ASP.NET Core (DoS) (May 2019) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(125164); script_version("1.4"); script_cvs_date("Date: 2019/10/30 13:24:47"); script_cve_id("CVE-2019-0980", "CVE-2019-0981", "CVE-2019-0982"); script_bugtraq_id(108207, 108208); script_name(english:"Security Update for Microsoft ASP.NET Core (DoS) (May 2019)"); script_summary(english:"Checks the version of Microsoft ASP.NET Core packages."); script_set_attribute(attribute:"synopsis", value: "The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages."); script_set_attribute(attribute:"description", value: "The Microsoft ASP.NET Core installation on the remote host is version 2.1.x < 2.1.11, 2.2.x < 2.2.5. It is, therefore, affected by a denial of service (DoS) vulnerability when ASP.NET Core improperly handles web requests. An unauthenticated, remote attacker could exploit this issue, via sending a specially crafted requests to the .NET Core application, to cause the application to stop responding."); # https://devblogs.microsoft.com/dotnet/net-core-may-2019/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75f23c84"); # https://github.com/dotnet/announcements/issues/112 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d238d2f5"); # https://github.com/dotnet/announcements/issues/113 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f495ef09"); # https://github.com/aspnet/Announcements/issues/359 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cdcee111"); script_set_attribute(attribute:"solution", value: "Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0980"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:aspnet_core"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("microsoft_asp_dotnet_core_win.nbin"); script_require_keys("installed_sw/ASP .NET Core Windows"); script_require_ports(139, 445); exit(0); } include('vcf.inc'); app = 'ASP .NET Core Windows'; app_info = vcf::get_app_info(app:app, win_local:TRUE); constraints = [ { 'min_version' : '2.1', 'fixed_version' : '2.1.11'}, { 'min_version' : '2.2', 'fixed_version' : '2.2.5' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);NASL family Windows NASL id SMB_NT_MS19_MAY_DOTNET_CORE_SDK.NASL description The Microsoft .NET Core SDK installation on the remote host is version 1.x < 1.1.14, 2.1.x < 2.1.507 or 2.1.604, 2.2.x < 2.2.107 or 2.2.204. It is, therefore, affected by a denial of service (DoS) vulnerability when .NET Core improperly handles web requests. An unauthenticated, remote attacker could exploit this issue, via sending a specially crafted requests to the .NET Core application, to cause the application to stop responding. last seen 2020-06-01 modified 2020-06-02 plugin id 125225 published 2019-05-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125225 title Security Update for .NET Core SDK (May 2019) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(125225); script_version("1.2"); script_cvs_date("Date: 2019/10/30 13:24:47"); script_cve_id( "CVE-2019-0820", "CVE-2019-0980", "CVE-2019-0981", "CVE-2019-0982" ); script_bugtraq_id(108245, 108207, 108208); script_xref(name:"IAVA", value:"2019-A-0149"); script_name(english:"Security Update for .NET Core SDK (May 2019)"); script_summary(english:"Checks for Windows Install of .NET Core."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a .NET Core SDK vulnerability."); script_set_attribute(attribute:"description", value: "The Microsoft .NET Core SDK installation on the remote host is version 1.x < 1.1.14, 2.1.x < 2.1.507 or 2.1.604, 2.2.x < 2.2.107 or 2.2.204. It is, therefore, affected by a denial of service (DoS) vulnerability when .NET Core improperly handles web requests. An unauthenticated, remote attacker could exploit this issue, via sending a specially crafted requests to the .NET Core application, to cause the application to stop responding."); # https://devblogs.microsoft.com/dotnet/net-core-may-2019/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75f23c84"); # https://github.com/dotnet/announcements/issues/111 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc7b707c"); # https://github.com/dotnet/announcements/issues/112 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d238d2f5"); # https://github.com/dotnet/announcements/issues/113 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f495ef09"); # https://github.com/aspnet/Announcements/issues/359 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cdcee111"); script_set_attribute(attribute:"solution", value:"Refer to vendor documentation."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0980"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_core"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("microsoft_dotnet_core_sdk_win.nbin"); script_require_keys("installed_sw/.NET Core SDK Windows", "Settings/ParanoidReport"); script_require_ports(139, 445); exit(0); } include('vcf.inc'); if (report_paranoia < 2) audit(AUDIT_PARANOID); app = '.NET Core SDK Windows'; app_info = vcf::get_app_info(app:app, win_local:TRUE); constraints = [ { 'fixed_version' : '1.1.14' }, { 'min_version' : '2.1', 'fixed_version' : '2.1.507' }, { 'min_version' : '2.1.600', 'fixed_version' : '2.1.604'}, { 'min_version' : '2.2', 'fixed_version' : '2.2.107' }, { 'min_version' : '2.2.200', 'fixed_version' : '2.2.204'} ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);NASL family Windows NASL id SMB_NT_MS19_MAY_DOTNET_CORE.NASL description The Microsoft .NET Core installation on the remote host is version 1.0.x < 1.0.16, 1.1.x < 1.1.13, 2.1.x < 2.1.11, 2.2.x < 2.2.5. It is, therefore, affected by a denial of service (DoS) vulnerability when .NET Core improperly handles web requests. An unauthenticated, remote attacker could exploit this issue, via sending a specially crafted requests to the .NET Core application, to cause the application to stop responding. last seen 2020-06-01 modified 2020-06-02 plugin id 125217 published 2019-05-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125217 title Security Update for .NET Core (May 2019) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(125217); script_version("1.3"); script_cvs_date("Date: 2019/10/30 13:24:47"); script_cve_id( "CVE-2019-0820", "CVE-2019-0980", "CVE-2019-0981", "CVE-2019-0982" ); script_bugtraq_id(108245, 108207, 108208); script_xref(name:"IAVA", value:"2019-A-0149"); script_name(english:"Security Update for .NET Core (May 2019)"); script_summary(english:"Checks for Windows Install of .NET Core."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a .NET Core denial of service vulnerabilities."); script_set_attribute(attribute:"description", value: "The Microsoft .NET Core installation on the remote host is version 1.0.x < 1.0.16, 1.1.x < 1.1.13, 2.1.x < 2.1.11, 2.2.x < 2.2.5. It is, therefore, affected by a denial of service (DoS) vulnerability when .NET Core improperly handles web requests. An unauthenticated, remote attacker could exploit this issue, via sending a specially crafted requests to the .NET Core application, to cause the application to stop responding."); # https://devblogs.microsoft.com/dotnet/net-core-may-2019/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75f23c84"); # https://github.com/dotnet/announcements/issues/111 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc7b707c"); # https://github.com/dotnet/announcements/issues/112 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d238d2f5"); # https://github.com/dotnet/announcements/issues/113 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f495ef09"); # https://github.com/aspnet/Announcements/issues/359 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cdcee111"); script_set_attribute(attribute:"solution", value:"Refer to vendor documentation."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0980"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_core"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("microsoft_dotnet_core_win.nbin"); script_require_keys("installed_sw/.NET Core Windows"); exit(0); } include('vcf.inc'); app = '.NET Core Windows'; app_info = vcf::get_app_info(app:app, win_local:TRUE); constraints = [ { 'min_version' : '1.0', 'fixed_version' : '1.0.16.5115', 'fixed_display' : '1.0.16 (1.0.16.5115)' }, { 'min_version' : '1.1', 'fixed_version' : '1.1.13.1809', 'fixed_display' : '1.1.13 (1.1.13.1809)' }, { 'min_version' : '2.1', 'fixed_version' : '2.1.11.27618', 'fixed_display' : '2.1.11 (2.1.11.27618)' }, { 'min_version' : '2.2', 'fixed_version' : '2.2.5.27618', 'fixed_display' : '2.2.5 (2.2.5.27618)' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);