Microsoft .NET Framework Remote Denial Of Service Vulnerabilities

Summary

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ‘.NET Framework Denial of Service Vulnerability.’

Credit:

Details

Vulnerable Systems:
 * Microsoft .NET Framework before 4.5.2

Immune Systems:
 * Microsoft .NET Framework after 4.5.2

Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to degrade the performance of a .NET-enabled website, causing a denial of service condition.

CVE Information:
CVE-2014-4072

Disclosure Timeline:
Original release date: 09/09/2014
Last revised: 09/10/2014

Categories: Windows