var-201905-1186
Vulnerability from variot

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. An attacker can exploit this issue to cause a denial of service condition

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1186",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "2.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft.",
    "sources": [
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-0982",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0982",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-20378",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0982",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0982",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0982",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-20378",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-393",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0982",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. \nAn attacker can exploit this issue to cause a denial of service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0982",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "108208",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "id": "VAR-201905-1186",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:21:36.874000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0982 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
      },
      {
        "title": "CVE-2019-0982 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0982"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2020-20378)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/211635"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92543"
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0982"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0982"
      },
      {
        "trust": 1.3,
        "url": "https://www.securityfocus.com/bid/108208"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0982"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190023.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108208"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108208"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "date": "2019-05-16T19:29:05.083000",
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "date": "2019-05-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108208"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "date": "2019-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "date": "2024-11-21T04:17:36.993000",
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.