vulnerability
Oracle Linux: CVE-2020-1161: ELSA-2020-2250: dotnet3.1 security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | May 12, 2020 | Jun 10, 2020 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
May 12, 2020
Added
Jun 10, 2020
Modified
Dec 3, 2025
Description
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
An infinite loop was found in the HTTP Routing component of Microsoft.AspNetCore.App, which could be exploited by a remote, unauthenticated attacker. This flaw allows an attacker without special privileges to send crafted requests to a machine running an ASP.NET Core application, triggering the infinite loop and causing a denial of service in that application, for example, a web server.
An infinite loop was found in the HTTP Routing component of Microsoft.AspNetCore.App, which could be exploited by a remote, unauthenticated attacker. This flaw allows an attacker without special privileges to send crafted requests to a machine running an ASP.NET Core application, triggering the infinite loop and causing a denial of service in that application, for example, a web server.
Solutions
oracle-linux-upgrade-aspnetcore-runtime-3-1oracle-linux-upgrade-aspnetcore-targeting-pack-3-1oracle-linux-upgrade-dotnetoracle-linux-upgrade-dotnet-apphost-pack-3-1oracle-linux-upgrade-dotnet-hostoracle-linux-upgrade-dotnet-hostfxr-3-1oracle-linux-upgrade-dotnet-runtime-3-1oracle-linux-upgrade-dotnet-sdk-3-1oracle-linux-upgrade-dotnet-targeting-pack-3-1oracle-linux-upgrade-dotnet-templates-3-1oracle-linux-upgrade-netstandard-targeting-pack-2-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.