MS09-036: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
Medium Nessus Plugin ID 40555
SynopsisThe remote .Net Framework is susceptible to a denial of service attack.
DescriptionThe remote host is running a version of the .NET Framework component of Microsoft Windows that is suspectible to a denial of service attack due to the way ASP.NET manages request scheduling. Using specially crafted anonymous HTTP requests, an anonymous, remote attacker can cause the web server to become unresponsive until the associated application pool is restarted.
Note that the vulnerable code in the .NET Framework is exposed only through IIS 7.0 when operating in integrated mode.
SolutionMicrosoft has released a set of patches for .NET Framework 2.0 and 3.5.