CVE-2019-0548 — Uncontrolled Resource Consumption in Microsoft Asp.net Core

CWE-19 CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

7.5HIGHNVD

EPSS

6.7%

top 8.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Asp.net Core

Timeline

PublishedJan 8

Latest updateMay 14

Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5microsoft/asp.net_core2.1, 2.2+1

▶NVDmicrosoft/asp.net_core2.1, 2.2+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9pfr-cc3p-p98q: A denial of service vulnerability exists when ASP↗2022-05-14

▶

GHSA

Denial of service in ASP.NET Core↗2022-05-14

▶

CVEList

CVE-2019-0548: A denial of service vulnerability exists when ASP↗2019-01-08

▶

📋Vendor Advisories

Microsoft

ASP.NET Core Denial of Service Vulnerability↗2019-01-08

▶

Red Hat

Core: AspNetCoreModule WebSocket DOS↗2019-01-08

▶

Red Hat

Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)↗2019-01-08

▶

💬Community

Bugzilla

CVE-2019-0548 Asp.NET Core: AspNetCoreModule WebSocket DOS↗2018-12-18

▶