CVE-2009-1536

Currently unrated

Key Information:

Vendor: Microsoft
Status: .net Framework; Windows Server 2008; Windows Vista
Vendor: CVE Published:; 12 August 2009

Summary

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

third-party-advisoryx_refsource_CERT

http://www.vupen.com/english/advisories/2009/2231

vdb-entryx_refsource_VUPEN

EPSS Score

94% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2009
Vulnerability Reserved
May 5, 2009

Collectors

NVD DatabaseMitre Database