Public exploits available
On this page
This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.
An attacker could use this vulnerability to cause a denial of service attack and disrupt the availability of sites that use ASP.NET.
Technical details (analysis)
This vulnerability allows for an unauthenticated attacker to degrade the performance of an ASP.NET site creating a denial of service condition. An unauthenticated attacker could send a small number of specifically crafted ASP.NET form posts to an affected ASP.NET site, causing a denial of service condition.
All versions of ASP.NET
All applications not on the affected list.
No known solutions at this time
Release Date: 2011-12-28T00:00:00
Known false positives
No known false positives at this time.
Configuration-based workaround - limit of the maximum request size that ASP.NET will accept from a client. Decreasing the maximum request size will decrease the susceptibility of the ASP.NET server to a denial of service attack.