CVE-2019-0545

Name of the Vulnerable Software and Affected Versions: .NET Framework versions 2.0 through 4.7.2 .NET Framework version 3.5 .NET Framework version 3.5.1 .NET Core version 2.1 .NET Core version 2.2

Description: An information disclosure issue exists in .NET Framework and .NET Core, allowing bypassing of Cross-origin Resource Sharing (CORS) configurations. This could enable an attacker to retrieve normally restricted content from a web application. The vulnerability is related to a lack of protection for service data.

Recommendations: For .NET Framework versions 2.0 through 4.7.2, update to a version that includes the fix for this issue. For .NET Framework version 3.5, consider applying configuration changes to restrict access to sensitive data. For .NET Framework version 3.5.1, apply the recommended security patches. For .NET Core version 2.1, restrict access to the vulnerable components until a patch is available. For .NET Core version 2.2, consider disabling the vulnerable functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.