Information disclosure in Microsoft .NET Framework

Published: 2018-08-14 22:12:23
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-8360
CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Microsoft .NET Framework
Vulnerable software versions:
  Microsoft .NET Framework 4.5.2
  Microsoft .NET Framework 4.6
  Microsoft .NET Framework 3.5.1

Vendor URL: Microsoft

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an error when .NET Framework is used in high-load/high-density network connections where content from one stream can blend into another stream. A remote attacker who can access one tenant in a high-load/high-density environment could potentially trigger multi-tenanted data exposure from one customer to another.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360
