CVE-2020-1108

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions .NET Core versions prior to the fixed version .NET Framework versions prior to the fixed version

Description A denial of service issue exists due to improper handling of web requests. This can be exploited remotely without authentication, allowing an attacker to cause a denial of service against a .NET Core or .NET Framework web application by issuing specially crafted requests.

Recommendations For .NET Core versions prior to the fixed version, update to the latest version to resolve the issue. For .NET Framework versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2020-2513

ALT-PU-2020-2514

ALT-PU-2020-2592

ALT-PU-2020-2593

BDU:2020-02481

BIT-DOTNET-2020-1108

BIT-DOTNET-SDK-2020-1108

BIT-POWERSHELL-2020-1108

CESA-2020_2143

CESA-2020_2250

CESA-2020_2450

CESA-2020_2471

CVE-2020-1108

GHSA-3W5P-JHP5-C29Q

RHSA-2020:2143

RHSA-2020:2146

RHSA-2020:2249

RHSA-2020:2250

RHSA-2020:2450

RHSA-2020:2471

RHSA-2020:2475

RHSA-2020:2476

RHSA-2020_2143

RHSA-2020_2250

RHSA-2020_2450

RHSA-2020_2471

Affected Products

.Net Framework

Alt Linux

Centos

Net Core

Red Hat

CVE-2020-1108

Weakness Enumeration

Related Identifiers

Affected Products

References · 18