MS09-036: ASP.NET for Microsoft Windows DoS (970957)

medium Nessus Network Monitor Plugin ID 5128

Synopsis

The remote .NET Framework is susceptible to a denial of service attack.

Description

The remote host is running a version of the .NET Framework component of Microsoft Windows that is susceptible to a denial of service attack due to the way ASP.NET manages request scheduling. Using specially crafted anonymous HTTP requests, a remote attacker can cause the web server to become unresponsive until the associated application pool is restarted. Note that the vulnerable code in the .NET Framework is exposed only through IIS 7.0 when operating in integrated mode.

Solution

Microsoft has released a set of patches for .NET Framework 2.0 and 3.5.

See Also

http://www.microsoft.com/technet/security/Bulletin/MS09-036.mspx

Plugin Details

Severity: Medium

ID: 5128

Family: Web Servers

Published: 8/11/2009

Updated: 3/6/2019

Nessus ID: 40555

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Patch Publication Date: 8/11/2009

Vulnerability Publication Date: 8/11/2009

Reference Information

CVE: CVE-2009-1536

BID: 35985