Vulnerability in Microsoft Asp.net Core

CVE-2020-0602

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

EPSS: 0.040 (88.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Asp.net Core — versions 2.1, 3.0, 3.1

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602 (x_refsource_MISC)
RHSA-2020:0130 (vendor-advisory, x_refsource_REDHAT)
RHSA-2020:0134 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2020-0602?: CVE-2020-0602 is a vulnerability in Microsoft Asp.net Core. Published 2020-01-14.
Is CVE-2020-0602 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.