MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The version of the .NET Framework installed on the remote host is
affected by a denial of service vulnerability.

Description :

The remote Windows host has a version of the Microsoft .NET Framework
that is affected by a vulnerability that allows a remote attacker to
cause a denial of service by sending specially crafted requests to an
ASP.NET web application running on the affected system.

Note that ASP.NET is not installed by default and ASP.NET must be
registered and enabled for the host to be affected.

See also :

https://technet.microsoft.com/library/security/MS14-053

Solution :

Microsoft has released a set of patches for .NET Framework 1.1 SP1,
2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 77573 ()

Bugtraq ID: 69603

CVE ID: CVE-2014-4072

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now