microsoft asp-net-core CVE-2020-1597 in Microsoft and Fedora Project Products
Published on August 17, 2020

ASP.NET Core Denial of Service Vulnerability

product logo product logo product logo
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2020-1597

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-1597 are published in these products:

Microsoft ASP.NET Core
 
Microsoft Visual Studio 2017
 
Microsoft Visual Studio 2019
 
Fedora Project Fedora
 

Affected Versions

Microsoft ASP.NET Core 2.1: Microsoft ASP.NET Core 3.1: Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3): Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8): Microsoft Visual Studio 2019 version 16.0: Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6):

Exploit Probability

EPSS
8.52%
Percentile
92.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.