CVE-2020-1597
Last modified
CVE-2020-1597 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. EPSS estimates a 6.56% chance of exploitation in the next 30 days.
Description
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Asp.Net Core | 2.1 |
| Microsoft | Asp.Net Core | 3.1 |
| Microsoft | Visual Studio 2017 | >= 15.0, <= 15.8 |
| Microsoft | Visual Studio 2019 | >= 16.0, <= 16.3 |
| Microsoft | Visual Studio 2019 | >= 16.5, <= 16.6 |
| Fedoraproject | Fedora | 32 |
| Fedoraproject | Fedora | 33 |
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597Patch, Vendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-1597?
How severe is CVE-2020-1597?
How do I fix CVE-2020-1597?
Are you affected by CVE-2020-1597?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST