Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-036.
Impact
Successful exploitation will allow remote attackers to cause the application pool on the affected web server to become unresponsive, denying service to legitimate users.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory: http://technet.microsoft.com/en-us/security/bulletin/MS09-036
Insight
The flaw is caused by an error in ASP.NET when managing request scheduling, which could allow attackers to create specially crafted anonymous HTTP requests and cause a web server running ASP.NET in integrated mode to become non-responsive.
Affected
Microsoft .NET Framework 3.5/SP 1
Microsoft .NET Framework 2.0 SP 1/SP 2
References
Severity
Classification
- CVE: CVE-2009-1536
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- MS Exchange Server Remote Code Execution Vulnerabilities (2784126)
- Microsoft Windows Error Reporting Security Feature Bypass Vulnerability (3004365)
- Microsoft Windows ASP.NET Denial of Service Vulnerability (970957)
- MS Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabilities (2740358)
- Microsoft FAST Search Server 2010 for SharePoint RCE Vulnerabilities (2742321)