This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote .Net Framework is susceptible to a denial of service
The remote host is running a version of the .NET Framework component of
Microsoft Windows that is suspectible to a denial of service attack due
to the way ASP.NET manages request scheduling. Using specially crafted
anonymous HTTP requests, an anonymous, remote attacker can cause the web
server to become unresponsive until the associated application pool is
Note that the vulnerable code in the .NET Framework is exposed only
through IIS 7.0 when operating in integrated mode.
See also :
Microsoft has released a set of patches for .NET Framework 2.0 and
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true