Denial of Service Vulnerability in Microsoft ASP.NET Framework
CVE-2009-1536

Currently unrated

Key Information:

Vendor: Microsoft
Status: .net Framework; Windows Server 2008; Windows Vista
Vendor: CVE Published:; 12 August 2009

Summary

The ASP.NET component of Microsoft .NET Framework, specifically in versions 2.0 SP1, SP2, and 3.5, allows remote attackers to disrupt service by exploiting improper request scheduling when running in integrated mode on IIS 7.0. By sending specially crafted HTTP requests, an attacker can initiate a denial of service condition that impacts the availability of the application.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

third-party-advisoryx_refsource_CERT

http://www.vupen.com/english/advisories/2009/2231

vdb-entryx_refsource_VUPEN

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2009
Vulnerability Reserved
May 5, 2009