CVE-2019-0564 — Uncontrolled Resource Consumption in Microsoft Asp.net Core

CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

7.5HIGHNVD

EPSS

7.7%

top 8.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Asp.net Core

Timeline

PublishedJan 8

Latest updateMay 14

Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5microsoft/asp.net_core2.1

▶NVDmicrosoft/asp.net_core2.1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

Denial of service in ASP.NET Core↗2022-05-14

▶

OSV

Denial of service in ASP.NET Core↗2022-05-14

▶

CVEList

CVE-2019-0564: A denial of service vulnerability exists when ASP↗2019-01-08

▶

📋Vendor Advisories

Microsoft

ASP.NET Core Denial of Service Vulnerability↗2019-01-08

▶

Red Hat

Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)↗2019-01-08

▶

Red Hat

Core: AspNetCoreModule WebSocket DOS↗2019-01-08

▶

💬Community

Bugzilla

CVE-2019-0564 Asp.NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)↗2018-12-18

▶