Microsoft Windows ASP.NET Denial Of Service Vulnerability(970957) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-036.

Impact

Successful exploitation will allow remote attackers to cause the application pool on the affected web server to become unresponsive, denying service to legitimate users. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS09-036

Insight

The flaws is caused by caused by an error in ASP.NET when managing request scheduling, which could allow attackers to create specially crafted anonymous HTTP requests and cause the web server with ASP.NET in integrated mode to become non-responsive.

Affected

Microsoft .NET Framework 3.5/SP 1 Microsoft .NET Framework 2.0 SP 1/SP 2

References

http://secunia.com/advisories/36127/
http://technet.microsoft.com/en-us/security/bulletin/MS09-036
http://www.vupen.com/english/advisories/2009/2231

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1536

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

MS Exchange Server Remote Code Execution Vulnerabilities (2784126)
Microsoft Windows Error Reporting Security Feature Bypass Vulnerability (3004365)
Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
MS Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabilities (2740358)
Microsoft FAST Search Server 2010 for SharePoint RCE Vulnerabilities (2742321)

Take action and discover your vulnerabilities