The remote .Net Framework is susceptible to a denial of service attack
The remote host is running a version of the .NET Framework component of Microsoft Windows that is suspectible to a denial of service attack due to the way ASP.NET manages request scheduling. Using specially crafted anonymous HTTP requests, an anonymous remote attacker can cause the web server to become unresponsive until the associated application pool is restarted. Note that the vulnerable code in the .NET Framework is exposed only through IIS 7.0 when operating in integrated mode.
Microsoft has released a set of patches for .NET Framework 2.0 and 3.5