SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   ASP.NET Vendors:   Microsoft
Microsoft ASP.NET Request Scheduling Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1022715
SecurityTracker URL:  http://securitytracker.com/id/1022715
CVE Reference:   CVE-2009-1536   (Links to External Site)
Date:  Aug 11 2009
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft ASP.NET. A remote user can cause denial of service conditions.

A remote user can send specially crafted HTTP requests to the target web service to trigger a flaw in request scheduling and cause the target service to become non-responsive until the associated application pool is restarted.

Web pages that use ASP.NET in the same application pool will be unavailable.

Alexander Pfandt of Digitaria reported this vulnerability.

Impact:   A remote user can cause the target web service to become unresponsive.
Solution:   The vendor has issued the following fixes:

Windows Vista*, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=d42444bb-5030-4b47-87fa-9df3a8c640ff

Windows Vista Service Pack 1*, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=cbf40800-f3b3-43da-ace1-d942d3378ccd

Windows Vista x64 Edition*, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=d42444bb-5030-4b47-87fa-9df3a8c640ff

Windows Vista x64 Edition Service Pack 1*, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=cbf40800-f3b3-43da-ace1-d942d3378ccd

Windows Server 2008 for 32-bit Systems**, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=cbf40800-f3b3-43da-ace1-d942d3378ccd

Windows Server 2008 for x64-based Systems**, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=cbf40800-f3b3-43da-ace1-d942d3378ccd

Windows Server 2008 for Itanium-based Systems, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=cbf40800-f3b3-43da-ace1-d942d3378ccd

A restart is not required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-036.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-036.mspx (Links to External Site)
Cause:   State error
Underlying OS:  Windows (2008), Windows (Vista)
Underlying OS Comments:  Vista SP1, 2008; and prior service packs

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC