Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Published: 2020-05-21
Updated: 2024-11-21
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Vulnerable Configurations
Part | Description | Count |
Application | Microsoft | 121 |
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2020-2250.NASL |
description | The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2250 advisory. - dotnet: Denial of service via untrusted input (CVE-2020-1108) - dotnet: Denial of service due to infinite loop (CVE-2020-1161) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-05-31 |
modified | 2020-05-22 |
plugin id | 136820 |
published | 2020-05-22 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/136820 |
title | RHEL 8 : dotnet3.1 (RHSA-2020:2250) |
NASL family | Windows |
NASL id | SMB_NT_MS20_MAY_ASPDOTNET_CORE.NASL |
description | The Microsoft ASP.NET Core installation on the remote host is version 3.x < 3.1.4. It is, therefore, affected by a denial of service (DoS) vulnerability when ASP.NET Core improperly handles web requests. An unauthenticated, remote attacker can exploit this issue, via sending a specially crafted requests to the ASP.NET Core application to cause the application to stop responding. |
last seen | 2020-05-18 |
modified | 2020-05-13 |
plugin id | 136527 |
published | 2020-05-13 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/136527 |
title | Security Update for Microsoft ASP.NET Core (DoS) (May 2020) |
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS20_MAY_VISUAL_STUDIO.NASL |
description | The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core or .NET Framework web application. The vulnerability can be exploited remotely, without authentication. (CVE-2020-1108) - A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. (CVE-2020-1161) |
last seen | 2020-06-10 |
modified | 2020-05-12 |
plugin id | 136515 |
published | 2020-05-12 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/136515 |
title | Security Updates for Microsoft Visual Studio Products (May 2020) |
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2020-2250.NASL |
description | From Red Hat Security Advisory 2020:2250 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2250 advisory. - dotnet: Denial of service via untrusted input (CVE-2020-1108) - dotnet: Denial of service due to infinite loop (CVE-2020-1161) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-12 |
modified | 2020-06-11 |
plugin id | 137345 |
published | 2020-06-11 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/137345 |
title | Oracle Linux 8 : dotnet3.1 (ELSA-2020-2250) |
Redhat
advisories | bugzilla | id | 1827645 | title | CVE-2020-1161 dotnet: Denial of service due to infinite loop |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 8 is installed | oval | oval:com.redhat.rhba:tst:20193384074 |
OR | AND | comment | dotnet3.1-debugsource is earlier than 0:3.1.104-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250001 |
comment | dotnet3.1-debugsource is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250002 |
|
AND | comment | netstandard-targeting-pack-2.1 is earlier than 0:3.1.104-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250003 |
comment | netstandard-targeting-pack-2.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20200130004 |
|
AND | comment | dotnet-templates-3.1 is earlier than 0:3.1.104-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250005 |
comment | dotnet-templates-3.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250006 |
|
AND | comment | dotnet-targeting-pack-3.1 is earlier than 0:3.1.4-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250007 |
comment | dotnet-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250008 |
|
AND | comment | dotnet-sdk-3.1 is earlier than 0:3.1.104-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250009 |
comment | dotnet-sdk-3.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250010 |
|
AND | comment | dotnet-runtime-3.1 is earlier than 0:3.1.4-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250011 |
comment | dotnet-runtime-3.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250012 |
|
AND | comment | dotnet-hostfxr-3.1 is earlier than 0:3.1.4-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250013 |
comment | dotnet-hostfxr-3.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250014 |
|
AND | comment | dotnet-host is earlier than 0:3.1.4-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250015 |
comment | dotnet-host is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20191259010 |
|
AND | comment | dotnet-apphost-pack-3.1 is earlier than 0:3.1.4-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250017 |
comment | dotnet-apphost-pack-3.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250018 |
|
AND | comment | dotnet is earlier than 0:3.1.104-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250019 |
comment | dotnet is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20191259004 |
|
AND | comment | aspnetcore-targeting-pack-3.1 is earlier than 0:3.1.4-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250021 |
comment | aspnetcore-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250022 |
|
AND | comment | aspnetcore-runtime-3.1 is earlier than 0:3.1.4-2.el8_2 | oval | oval:com.redhat.rhsa:tst:20202250023 |
comment | aspnetcore-runtime-3.1 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20202250024 |
|
|
|
|
| rhsa | id | RHSA-2020:2250 | released | 2020-05-21 | severity | Important | title | RHSA-2020:2250: dotnet3.1 security update (Important) |
|
|
rpms | - rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.4-2.el7
- rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.4-2.el7
- rh-dotnet31-dotnet-0:3.1.104-2.el7
- rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.4-2.el7
- rh-dotnet31-dotnet-debuginfo-0:3.1.104-2.el7
- rh-dotnet31-dotnet-host-0:3.1.4-2.el7
- rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.4-2.el7
- rh-dotnet31-dotnet-runtime-3.1-0:3.1.4-2.el7
- rh-dotnet31-dotnet-sdk-3.1-0:3.1.104-2.el7
- rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.4-2.el7
- rh-dotnet31-dotnet-templates-3.1-0:3.1.104-2.el7
- rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.104-2.el7
- aspnetcore-runtime-3.1-0:3.1.4-2.el8_2
- aspnetcore-targeting-pack-3.1-0:3.1.4-2.el8_2
- dotnet-0:3.1.104-2.el8_2
- dotnet-apphost-pack-3.1-0:3.1.4-2.el8_2
- dotnet-apphost-pack-3.1-debuginfo-0:3.1.4-2.el8_2
- dotnet-host-0:3.1.4-2.el8_2
- dotnet-host-debuginfo-0:3.1.4-2.el8_2
- dotnet-hostfxr-3.1-0:3.1.4-2.el8_2
- dotnet-hostfxr-3.1-debuginfo-0:3.1.4-2.el8_2
- dotnet-runtime-3.1-0:3.1.4-2.el8_2
- dotnet-runtime-3.1-debuginfo-0:3.1.4-2.el8_2
- dotnet-sdk-3.1-0:3.1.104-2.el8_2
- dotnet-sdk-3.1-debuginfo-0:3.1.104-2.el8_2
- dotnet-targeting-pack-3.1-0:3.1.4-2.el8_2
- dotnet-templates-3.1-0:3.1.104-2.el8_2
- dotnet3.1-debuginfo-0:3.1.104-2.el8_2
- dotnet3.1-debugsource-0:3.1.104-2.el8_2
- netstandard-targeting-pack-2.1-0:3.1.104-2.el8_2
|