What is CVE-2020-1597?

CVE-2020-1597 is a vulnerability in Microsoft Asp.net Core 2.1. Published 2020-08-17.

Is CVE-2020-1597 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Asp.net Core 2.1

CVE-2020-1597

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerabilit…

EPSS: 0.076 (92.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Asp.net Core 2.1 — versions 2.0
Microsoft Asp.net Core 3.1 — versions 3.0
Microsoft Visual Studio 2017 Version 15.9 (Includes 15.0 - 15.8) — versions 15.9.0
Microsoft Visual Studio 2019 Version 16.0 — versions 16.0
Microsoft Visual Studio 2019 Version 16.4 (Includes 16.0 - 16.3) — versions 16.0
Microsoft Visual Studio 2019 Version 16.7 (Includes 16.0 – 16.6) — versions 16.0.0

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597 (x_refsource_MISC)
FEDORA-2020-cad5d17c6d (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-9ddf1aa50b (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2020-1597?: CVE-2020-1597 is a vulnerability in Microsoft Asp.net Core 2.1. Published 2020-08-17.
Is CVE-2020-1597 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.