CVE-2019-0564

HIGH

ASP.NET Core 2.1 - Denial of Service via Improper Web Request Handling

Title source: llm

Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106413

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:0040

Scores

CVSS v3 7.5

EPSS 0.0787

EPSS Percentile 92.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-19

Status published

Products (7)

microsoft/asp.net_core 2.1

nuget/Microsoft.AspNetCore.All 2.2.0 - 2.2.1NuGet

nuget/Microsoft.AspNetCore.App 2.2.0 - 2.2.1NuGet

nuget/Microsoft.AspNetCore.Server.Kestrel.Core 2.1.0 - 2.1.7NuGet

nuget/Microsoft.AspNetCore.WebSockets 2.2.0 - 2.2.1NuGet

nuget/Microsoft.NETCore.App 2.2.0 - 2.2.1NuGet

nuget/System.Net.WebSockets.WebSocketProtocol 4.5.0 - 4.5.3NuGet

Published Jan 08, 2019

Tracked Since Feb 18, 2026