New Search

Remote Unauthenticated Denial of Service in ASP.NET Vulnerability

oval:org.mitre.oval:def:6393

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1 when ASP 2.0 is used in integrated mode on IIS 7.0 does not properly manage request scheduling which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008
  • Microsoft Windows Vista
Class:
vulnerability
Reference(s):
  • CVE-2009-1536
Product(s):
  • Microsoft .NET Framework