CVE-2020-1597

high Microsoft
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
7.6%
Exploitation probability in 30 days
Top 8% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: August 17, 2020 (2096 days ago)
Last Modified: February 23, 2026
Vendor: Microsoft

Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

CWE

NVD-CWE-noinfo

Affected Products

microsoft asp.net coremicrosoft visual studio 2017microsoft visual studio 2019fedoraproject fedora

References

🔗 lists.fedoraproject.org 🔗 lists.fedoraproject.org 🔗 portal.msrc.microsoft.com 🔗 lists.fedoraproject.org 🔗 lists.fedoraproject.org