CVE-2020-1597

CWE-20Improper Input ValidationCWE-400Uncontrolled Resource Consumption7 documents7 sources
Severity
7.5HIGH
EPSS
7.6%
top 8.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Asp.net Core 2.1Microsoft Asp.net Core 3.1Microsoft Microsoft Visual Studio 2017 Version 15.9 (includes 15.0 - 15.8)+7 more
Timeline
PublishedAug 17
Latest updateMay 24

Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET C

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages21 packages

NuGetMicrosoft.AspNetCore.All2.1.02.1.21
NuGetMicrosoft.AspNetCore.App2.1.02.1.21
CVEListV5microsoft/asp.net_core_2.12.0publication
CVEListV5microsoft/asp.net_core_3.13.0publication

Also affects: Fedora 32, 33

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
ASP.NET Core Denial of Service Vulnerability2022-05-24
OSV
ASP.NET Core Denial of Service Vulnerability2022-05-24
CVEList
ASP.NET Core Denial of Service Vulnerability2020-08-17

📋Vendor Advisories

2
Red Hat
dotnet: ASP.NET Core Resource Consumption Denial of Service2020-08-11
Microsoft
ASP.NET Core Denial of Service Vulnerability2020-08-11

💬Community

1
Bugzilla
CVE-2020-1597 dotnet: ASP.NET Core Resource Consumption Denial of Service2020-07-27
CVE-2020-1597 (HIGH CVSS 7.5) | A denial of service vulnerability e | cvebase.io