vuln-list-alt/oval/p11/ALT-PU-2021-1178/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211178",
"Version": "oval:org.altlinux.errata:def:20211178",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1178: package `dotnet-bootstrap` update to version 3.1.11-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1178",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1178",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-04007",
"RefURL": "https://bdu.fstec.ru/vul/2020-04007",
"Source": "BDU"
},
{
"RefID": "BDU:2020-04581",
"RefURL": "https://bdu.fstec.ru/vul/2020-04581",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00192",
"RefURL": "https://bdu.fstec.ru/vul/2021-00192",
"Source": "BDU"
},
{
"RefID": "CVE-2020-1045",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1045",
"Source": "CVE"
},
{
"RefID": "CVE-2020-1597",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1597",
"Source": "CVE"
},
{
"RefID": "CVE-2021-1723",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723",
"Source": "CVE"
}
],
"Description": "This update upgrades dotnet-bootstrap to version 3.1.11-alt1. \nSecurity Fix(es):\n\n * BDU:2020-04007: Уязвимость программной платформы ASP.NET Core, связанная с ошибками обработки запросов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-04581: Уязвимость анализатора файлов cookie программной платформы ASP.NET Core, позволяющая нарушителю выполнить обход функций безопасности\n\n * BDU:2021-00192: Уязвимость программной платформы ASP.NET Core и средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-1045: \u003cp\u003eA security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.\u003c/p\u003e\n\u003cp\u003eThe ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.\u003c/p\u003e\n\n\n * CVE-2020-1597: A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\nA remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.\nThe update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.\n\n\n * CVE-2021-1723: ASP.NET Core and Visual Studio Denial of Service Vulnerability",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-01-28"
},
"Updated": {
"Date": "2021-01-28"
},
"BDUs": [
{
"ID": "BDU:2020-04007",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-04007",
"Impact": "High",
"Public": "20200811"
},
{
"ID": "BDU:2020-04581",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-04581",
"Impact": "High",
"Public": "20200908"
},
{
"ID": "BDU:2021-00192",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-00192",
"Impact": "High",
"Public": "20210112"
}
],
"CVEs": [
{
"ID": "CVE-2020-1045",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1045",
"Impact": "Low",
"Public": "20200911"
},
{
"ID": "CVE-2020-1597",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1597",
"Impact": "High",
"Public": "20200817"
},
{
"ID": "CVE-2021-1723",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723",
"Impact": "Low",
"Public": "20210112"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211178001",
"Comment": "dotnet-bootstrap is earlier than 0:3.1.11-alt1"
}
]
}
]
}
}
]
}