CVE-2009-1536

EPSS 52.48%
Published 12.08.2009 17:30:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ .Net Framework Version2.0 Updatesp1

Microsoft ≫ .Net Framework Version2.0 Updatesp2

Microsoft ≫ .Net Framework Version3.5

Microsoft ≫ .Net Framework Version3.5 Updatesp1

Microsoft ≫ Windows Server 2008 Version-

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Vista Version- Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	52.48%	0.977

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

Third Party Advisory

US Government Resource

http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx

Vendor Advisory

http://osvdb.org/56905

Broken Link

http://secunia.com/advisories/36127

Third Party Advisory

http://www.securityfocus.com/bid/35985

Patch

Third Party Advisory