← back
CVE-2024-29059

.NET Framework Information Disclosure Vulnerability

CVSS 7.5 HIGHEPSS 98.8%● KEVCWE-209
In short

The .NET Framework can inadvertently expose sensitive system information through error messages or responses. This leakage helps attackers understand the application's internals and plan targeted attacks.

Technical detail

An information disclosure vulnerability in .NET Framework allows remote attackers to obtain sensitive details about the system, application configuration, or internal paths through improper error handling or response mechanisms. The vulnerability has a CVSS score of 7.5, indicating high severity without requiring authentication or user interaction.

Summary generated and translated by AI from the official description.
.NET Framework Information Disclosure Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft .NET Framework 2.0 Service Pack 2Microsoft · Microsoft .NET Framework 3.0 Service Pack 2Microsoft · Microsoft .NET Framework 3.5Microsoft · Microsoft .NET Framework 3.5.1Microsoft · Microsoft .NET Framework 3.5 AND 4.6/4.6.2Microsoft · Microsoft .NET Framework 3.5 AND 4.7.2Microsoft · Microsoft .NET Framework 3.5 AND 4.8Microsoft · Microsoft .NET Framework 3.5 AND 4.8.1Microsoft · Microsoft .NET Framework 4.6.2Microsoft · Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft · Microsoft .NET Framework 4.8
public PoCs found1
githubgithub.com/codewhitesec/HttpRemotingObjRefLeak92
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29059