Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:46903
HistoryMay 15, 2024 - 3:58 a.m.

Denial Of Service (DoS)

2024-05-1503:58:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
denial of service
.net kestrel web server
vulnerability
concurrent requests

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.0%

Microsoft.AspNetCore.App.Runtime is vulnerable to Denial of Service (DoS). The vulnerability is caused by a deadlock that occurs within the .NET Kestrel web server, specifically impacting the handling of concurrent requests under certain conditions, which allows an attacker to potentially disrupt services by creating a condition that triggers the deadlock.

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.0%