MS09-036: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.

Synopsis :

The remote .Net Framework is susceptible to a denial of service

Description :

The remote host is running a version of the .NET Framework component of
Microsoft Windows that is suspectible to a denial of service attack due
to the way ASP.NET manages request scheduling. Using specially crafted
anonymous HTTP requests, an anonymous, remote attacker can cause the web
server to become unresponsive until the associated application pool is

Note that the vulnerable code in the .NET Framework is exposed only
through IIS 7.0 when operating in integrated mode.

See also :

Solution :

Microsoft has released a set of patches for .NET Framework 2.0 and

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 40555 ()

Bugtraq ID: 35985

CVE ID: CVE-2009-1536