CVE-2020-1476
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/08/2020
Last modified:
23/02/2026
Description
An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.<br />
To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server.<br />
The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page