CVE-2014-0253CVE-2014-0253

Affected configuration(s):

cpe:/a:microsoft:.net_framework:1.1:sp1
cpe:/a:microsoft:.net_framework:2.0:sp2
cpe:/a:microsoft:.net_framework:3.5
cpe:/a:microsoft:.net_framework:3.5.1
cpe:/a:microsoft:.net_framework:4.0
cpe:/a:microsoft:.net_framework:4.5
cpe:/a:microsoft:.net_framework:4.5.1

Date published: 2014-02-11T23:50:39.937-05:00

Date last modified: 2014-02-12T09:17:57.830-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://technet.microsoft.com/security/bulletin/MS14-009

Summary: Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka “POST Request DoS Vulnerability.”

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.