CVE-2020-1597
ASP.NET Core Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
Se presenta una vulnerabilidad de denegaciĆ³n de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, tambiĆ©n se conoce como "ASP.NET Core Denial of Service Vulnerability".
A flaw was found in ASP.NET Core. Client disconnects were not properly handled in all circumstances. A remote, unauthenticated attacker could send specially crafted requests that would consume more disk and CPU resources than necessary potentially leading to a denial of service via resource exhaustion. The highest threat from this vulnerability is to system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-04 CVE Reserved
- 2020-08-11 CVE Published
- 2024-06-06 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597 | 2024-01-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Asp.net Core Search vendor "Microsoft" for product "Asp.net Core" | 2.1 Search vendor "Microsoft" for product "Asp.net Core" and version "2.1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Asp.net Core Search vendor "Microsoft" for product "Asp.net Core" | 3.1 Search vendor "Microsoft" for product "Asp.net Core" and version "3.1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio 2017 Search vendor "Microsoft" for product "Visual Studio 2017" | >= 15.0 <= 15.8 Search vendor "Microsoft" for product "Visual Studio 2017" and version " >= 15.0 <= 15.8" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio 2019 Search vendor "Microsoft" for product "Visual Studio 2019" | >= 16.0 <= 16.3 Search vendor "Microsoft" for product "Visual Studio 2019" and version " >= 16.0 <= 16.3" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio 2019 Search vendor "Microsoft" for product "Visual Studio 2019" | >= 16.5 <= 16.6 Search vendor "Microsoft" for product "Visual Studio 2019" and version " >= 16.5 <= 16.6" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||