CVE-2020-1597

CVE Database · CVE-2020-1597

CVE-2020-1597

· HIGHModified

CVSS v3.1

7.5

EPSS

6.56%

Published

Aug 17, 2020

Modified

Feb 23, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products (7)

microsoft · asp.net_corevulnerable

microsoft · visual_studio_2017vulnerable

microsoft · visual_studio_2019vulnerable

fedoraproject · fedoravulnerable

References (6)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs