CVE-2020-1597

HIGH

ASP.NET Core - Unauthenticated Denial of Service via Specially Crafted Requests

Title source: llm

Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/

Scores

CVSS v3 7.5

EPSS 0.0756

EPSS Percentile 91.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (18)

fedoraproject/fedora 32

fedoraproject/fedora 33

microsoft/asp.net_core 2.1

microsoft/asp.net_core 3.1

microsoft/visual_studio_2017 15.0 - 15.8

microsoft/visual_studio_2019 16.0 - 16.3

nuget/Microsoft.AspNetCore.All 2.1.0 - 2.1.21NuGet

nuget/Microsoft.AspNetCore.App 2.1.0 - 2.1.21NuGet

nuget/Microsoft.AspNetCore.App.Runtime.linux-arm 3.1.0 - 3.1.7NuGet

nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64 3.1.0 - 3.1.7NuGet

... and 8 more

Published Aug 17, 2020

Tracked Since Feb 18, 2026