1. CVE-Search
  2. CVE-2019-1301
ID CVE-2019-1301
Summary A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1750793
title CVE-2019-1301 dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment dotnet is earlier than 0:2.1.509-1.el8_0
          oval oval:com.redhat.rhsa:tst:20192731001
        • comment dotnet is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259002
      • AND
        • comment dotnet-debugsource is earlier than 0:2.1.509-1.el8_0
          oval oval:com.redhat.rhsa:tst:20192731003
        • comment dotnet-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259004
      • AND
        • comment dotnet-host is earlier than 0:2.1.13-1.el8_0
          oval oval:com.redhat.rhsa:tst:20192731005
        • comment dotnet-host is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259006
      • AND
        • comment dotnet-host-fxr-2.1 is earlier than 0:2.1.13-1.el8_0
          oval oval:com.redhat.rhsa:tst:20192731007
        • comment dotnet-host-fxr-2.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259008
      • AND
        • comment dotnet-runtime-2.1 is earlier than 0:2.1.13-1.el8_0
          oval oval:com.redhat.rhsa:tst:20192731009
        • comment dotnet-runtime-2.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259010
      • AND
        • comment dotnet-sdk-2.1 is earlier than 0:2.1.509-1.el8_0
          oval oval:com.redhat.rhsa:tst:20192731011
        • comment dotnet-sdk-2.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259012
      • AND
        • comment dotnet-sdk-2.1.5xx is earlier than 0:2.1.509-1.el8_0
          oval oval:com.redhat.rhsa:tst:20192731013
        • comment dotnet-sdk-2.1.5xx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259014
rhsa
id RHSA-2019:2731
released 2019-09-12
severity Moderate
title RHSA-2019:2731: .NET Core on Red Hat Enterprise Linux security and bug fix update (Moderate)
rpms
  • dotnet-0:2.1.509-1.el8_0
  • dotnet-debuginfo-0:2.1.509-1.el8_0
  • dotnet-debugsource-0:2.1.509-1.el8_0
  • dotnet-host-0:2.1.13-1.el8_0
  • dotnet-host-debuginfo-0:2.1.13-1.el8_0
  • dotnet-host-fxr-2.1-0:2.1.13-1.el8_0
  • dotnet-host-fxr-2.1-debuginfo-0:2.1.13-1.el8_0
  • dotnet-runtime-2.1-0:2.1.13-1.el8_0
  • dotnet-runtime-2.1-debuginfo-0:2.1.13-1.el8_0
  • dotnet-sdk-2.1-0:2.1.509-1.el8_0
  • dotnet-sdk-2.1.5xx-0:2.1.509-1.el8_0
  • dotnet-sdk-2.1.5xx-debuginfo-0:2.1.509-1.el8_0
  • rh-dotnet21-0:2.1-12.el7
  • rh-dotnet21-dotnet-0:2.1.509-1.el7
  • rh-dotnet21-dotnet-debuginfo-0:2.1.509-1.el7
  • rh-dotnet21-dotnet-host-0:2.1.13-1.el7
  • rh-dotnet21-dotnet-runtime-2.1-0:2.1.13-1.el7
  • rh-dotnet21-dotnet-sdk-2.1-0:2.1.509-1.el7
  • rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.509-1.el7
  • rh-dotnet21-runtime-0:2.1-12.el7
  • rh-dotnet22-0:2.2-9.el7
  • rh-dotnet22-dotnet-0:2.2.109-1.el7
  • rh-dotnet22-dotnet-debuginfo-0:2.2.109-1.el7
  • rh-dotnet22-dotnet-host-0:2.2.7-1.el7
  • rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.7-1.el7
  • rh-dotnet22-dotnet-runtime-2.2-0:2.2.7-1.el7
  • rh-dotnet22-dotnet-sdk-2.2-0:2.2.109-1.el7
  • rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.109-1.el7
  • rh-dotnet22-runtime-0:2.2-9.el7
refmap via4
misc https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301
Last major update 24-08-2020 - 17:37
Published 11-09-2019 - 22:15
Last modified 24-08-2020 - 17:37
Back to Top