{"containers": {"cna": {"affected": [{"product": "ASP.NET Core", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2.1"}, {"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.1"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-16T19:06:08", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"}, {"name": "RHSA-2020:0130", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0130"}, {"name": "RHSA-2020:0134", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0134"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0602", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ASP.NET Core", "version": {"version_data": [{"version_value": "2.1"}, {"version_value": "3.0"}, {"version_value": "3.1"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"}, {"name": "RHSA-2020:0130", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0130"}, {"name": "RHSA-2020:0134", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0134"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:11:04.661Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"}, {"name": "RHSA-2020:0130", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0130"}, {"name": "RHSA-2020:0134", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0134"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0602", "datePublished": "2020-01-14T23:11:20", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:11:04.661Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "19C3047E-C222-4636-B1B3-722F2C65BC99", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4319AB8-5013-46B4-8E3C-6FDCFC65FC7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FE4072E-3226-435C-BC61-A775D3EF2822", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, tambi\u00e9n se conoce como \"ASP.NET Core Denial of Service Vulnerability\"."}], "id": "CVE-2020-0602", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-14T23:15:30.287", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0130"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0134"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0134", "cpe": "cpe:/a:redhat:rhel_dotnet:3.0::el7", "package": "rh-dotnet30-dotnet-0:3.0.102-3.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0134", "cpe": "cpe:/a:redhat:rhel_dotnet:3.0::el7", "package": "rh-dotnet31-dotnet-0:3.1.101-4.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0134", "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7", "package": "rh-dotnet30-dotnet-0:3.0.102-3.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0134", "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7", "package": "rh-dotnet31-dotnet-0:3.1.101-4.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0130", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet3.0-0:3.0.102-2.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-01-16T00:00:00Z"}], "bugzilla": {"description": "dotnet: Denial of service via backpressure issue", "id": "1789623", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789623"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.", "A denial of service flaw was found in ASP.NET Core. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to an ASP.NET Core application. The highest threat from this flaw is system availability."], "name": "CVE-2020-0602", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.2", "fix_state": "Not affected", "package_name": "rh-dotnet22", "product_name": ".NET Core 2.2 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet3.1", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2020-01-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-0602\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0602\nhttps://github.com/aspnet/Announcements/issues/402\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"], "threat_severity": "Important", "upstream_fix": "aspnet core 3.0.1, aspnet core 3.1.1"}