icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MS09-036: ASP.NET for Microsoft Windows DoS (970957)

Medium

Synopsis

The remote .Net Framework is susceptible to a denial of service attack

Description

The remote host is running a version of the .NET Framework component of Microsoft Windows that is suspectible to a denial of service attack due to the way ASP.NET manages request scheduling. Using specially crafted anonymous HTTP requests, an anonymous remote attacker can cause the web server to become unresponsive until the associated application pool is restarted. Note that the vulnerable code in the .NET Framework is exposed only through IIS 7.0 when operating in integrated mode.

Solution

Microsoft has released a set of patches for .NET Framework 2.0 and 3.5