First published: Fri Feb 08 2019(Updated: )
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft .NET Core | =1.0 | |
Microsoft .NET Core | =2.1 | |
Microsoft .NET Core | =2.2 | |
Microsoft Powershell Core | =6.0 | |
Microsoft Powershell Core | =6.1 | |
Microsoft Visual Studio 2017 | ||
Microsoft Visual Studio 2017 | =15.9 | |
Microsoft .NET Framework | =2.0-sp2 | |
Microsoft .NET Framework | =3.0-sp2 | |
Microsoft Windows Server 2008 | =sp2 | |
Microsoft .NET Framework | =3.5 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1703 | |
Microsoft Windows 10 | =1709 | |
Microsoft Windows 10 | =1803 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows 8.1 | ||
Microsoft Windows Server 2012 | ||
Microsoft Windows Server 2012 | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | =1709 | |
Microsoft Windows Server 2016 | =1803 | |
Microsoft Windows Server 2019 | ||
Microsoft .NET Framework | =3.5.1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft .NET Framework | =4.5.2 | |
Microsoft Windows RT 8.1 | ||
Microsoft Windows Server 2008 | =sp1 | |
Microsoft .NET Framework | =4.6 | |
Microsoft .NET Framework | =4.6.2 | |
Microsoft .NET Framework | =4.7 | |
Microsoft .NET Framework | =4.7.1 | |
Microsoft .NET Framework | =4.7.2 | |
Microsoft .NET Framework | =4.6.1 | |
Microsoft Windows 10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-0657 is a vulnerability in certain .Net Framework APIs and Visual Studio that allows for URL spoofing.
CVE-2019-0657 has a severity level of medium (5.9).
The affected software includes Microsoft .NET Core 1.0, 2.1, and 2.2, Microsoft PowerShell Core 6.0 and 6.1, Microsoft Visual Studio 2017, and Microsoft .NET Framework 2.0 SP2, 3.0 SP2, and 3.5.
To fix CVE-2019-0657, it is recommended to install the latest security updates provided by Microsoft for the affected software.
You can find more information about CVE-2019-0657 on Red Hat's website and GitHub.