1. Home
  2. CVE Database
  3. CVE-2020-1597
HIGH · 7.5

CVE-2020-1597

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET...

Vulnerability Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
MicrosoftAsp.Net Core2.1
MicrosoftVisual Studio 2017>= 15.0, <= 15.8
MicrosoftVisual Studio 2019>= 16.0, <= 16.3
FedoraprojectFedora32

References

FAQ

What is CVE-2020-1597?

CVE-2020-1597 is a vulnerability with a CVSS score of 7.5 (HIGH). A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET...

How severe is CVE-2020-1597?

CVE-2020-1597 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1597?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Asp.Net Core, Microsoft Visual Studio 2017, Microsoft Visual Studio 2019, Fedoraproject Fedora.