Описание
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
An infinite loop was found in the HTTP Routing component of Microsoft.AspNetCore.App, which could be exploited by a remote, unauthenticated attacker. This flaw allows an attacker without special privileges to send crafted requests to a machine running an ASP.NET Core application, triggering the infinite loop and causing a denial of service in that application, for example, a web server.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21 | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet3.0 | Not affected | ||
| .NET Core on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Fixed | RHSA-2020:2249 | 21.05.2020 |
| Red Hat Enterprise Linux 8 | dotnet3.1 | Fixed | RHSA-2020:2250 | 21.05.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Уязвимость программной платформы ASP.NET Core, связанная с ошибками обработки запросов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3