CVE-2020-1597
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/08/2020
Last modified:
19/01/2024
Description
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.<br />
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.<br />
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.<br />
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* | 15.0 (including) | 15.8 (including) |
| cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* | 16.0 (including) | 16.3 (including) |
| cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* | 16.5 (including) | 16.6 (including) |
| cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597