Search for vulnerabilities
Vulnerability details: VCID-9nw8-71z9-aaab
Vulnerability ID VCID-9nw8-71z9-aaab
Aliases CVE-2020-1108
GHSA-3w5p-jhp5-c29q
Summary Uncontrolled Resource Consumption A denial of service vulnerability exists when dotnet Core or dotnet Framework improperly handles web requests.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
CWE-190 Integer Overflow or Wraparound
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2020:2143
rhas Important https://access.redhat.com/errata/RHSA-2020:2146
rhas Important https://access.redhat.com/errata/RHSA-2020:2249
rhas Important https://access.redhat.com/errata/RHSA-2020:2250
rhas Important https://access.redhat.com/errata/RHSA-2020:2450
rhas Important https://access.redhat.com/errata/RHSA-2020:2471
rhas Important https://access.redhat.com/errata/RHSA-2020:2475
rhas Important https://access.redhat.com/errata/RHSA-2020:2476
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1108.json
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01494 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01745 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.01783 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
epss 0.0739 https://api.first.org/data/v1/epss?cve=CVE-2020-1108
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1827643
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-3w5p-jhp5-c29q
cvssv3.1 7.5 https://github.com/dotnet/announcements/issues/157
generic_textual HIGH https://github.com/dotnet/announcements/issues/157
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-1108
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1108
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1108
cvssv3.1 7.5 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108
generic_textual HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1108.json
https://api.first.org/data/v1/epss?cve=CVE-2020-1108
https://github.com/dotnet/announcements/issues/157
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108
1827643 https://bugzilla.redhat.com/show_bug.cgi?id=1827643
cpe:2.3:a:microsoft:.net:5.0:preview1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:5.0:preview1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:5.0:preview2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:5.0:preview2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:5.0:preview3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:5.0:preview3:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:5.0:preview1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:5.0:preview1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:5.0:preview2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:5.0:preview2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:5.0:preview3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:5.0:preview3:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2019:16.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2019:16.5:*:*:*:*:*:*:*
CVE-2020-1108 https://nvd.nist.gov/vuln/detail/CVE-2020-1108
GHSA-3w5p-jhp5-c29q https://github.com/advisories/GHSA-3w5p-jhp5-c29q
RHSA-2020:2143 https://access.redhat.com/errata/RHSA-2020:2143
RHSA-2020:2146 https://access.redhat.com/errata/RHSA-2020:2146
RHSA-2020:2249 https://access.redhat.com/errata/RHSA-2020:2249
RHSA-2020:2250 https://access.redhat.com/errata/RHSA-2020:2250
RHSA-2020:2450 https://access.redhat.com/errata/RHSA-2020:2450
RHSA-2020:2471 https://access.redhat.com/errata/RHSA-2020:2471
RHSA-2020:2475 https://access.redhat.com/errata/RHSA-2020:2475
RHSA-2020:2476 https://access.redhat.com/errata/RHSA-2020:2476
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1108.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/announcements/issues/157
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-1108
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-1108
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-1108
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.51104
EPSS Score 0.00144
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.