Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MS09-036: ASP.NET for Microsoft Windows DoS (970957)

Medium

Synopsis

The remote .Net Framework is susceptible to a denial of service attack

Description

The remote host is running a version of the .NET Framework component of Microsoft Windows that is suspectible to a denial of service attack due to the way ASP.NET manages request scheduling. Using specially crafted anonymous HTTP requests, an anonymous remote attacker can cause the web server to become unresponsive until the associated application pool is restarted. Note that the vulnerable code in the .NET Framework is exposed only through IIS 7.0 when operating in integrated mode.

Solution

Microsoft has released a set of patches for .NET Framework 2.0 and 3.5