Severity rating: Critical
Class/Type: Vulnerability
Discovered date: 2011-12-28T00:00:00
Attack vector: Remote
Authentication required: No
Public exploits available: Yes
Signature detection: Medium
Description
This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.
Impact
An attacker could use this vulnerability to cause a denial of service attack and disrupt the availability of sites that use ASP.NET.
Technical details (analysis)
This vulnerability allows an unauthenticated attacker to degrade the performance of an ASP.NET site, creating a denial of service condition. The attacker needs to send only a small number of specially crafted ASP.NET form posts to an affected site to cause this condition.
Affected software
All versions of ASP.NET
Non-affected software
All applications not on the affected list.
Solutions
No known solutions at this time
NIS signature
Name: Vulnerability:Win/ASPNET.POST.DoS!CVE-2011-3414
Release Date: 2011-12-28T00:00:00
Known false positives
No known false positives at this time.
Work-arounds
Configuration-based workaround: limit the maximum request size that ASP.NET will accept from a client. Decreasing the maximum request size decreases the susceptibility of the ASP.NET server to a denial of service attack.
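
One way to check that this workaround is actually in place is to audit a site's `web.config` for its effective request size limit. The script below is an added example, not part of the original advisory. It assumes the limit is set through ASP.NET's `httpRuntime` `maxRequestLength` attribute (value in KB, default 4096), which this page does not name. The 200 KB threshold and the sample configuration are constructed for illustration, and inheritance from parent configuration files is not evaluated.

```python
import xml.etree.ElementTree as ET

ASPNET_DEFAULT_KB = 4096  # ASP.NET default for httpRuntime/@maxRequestLength (KB)
LIMIT_KB = 200            # assumed review threshold for this example; tune per application

# Constructed sample web.config: no site-wide limit, a tight limit on one path,
# and a large upload exception on another.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <httpRuntime executionTimeout="110" />
  </system.web>
  <location path="api">
    <system.web>
      <httpRuntime maxRequestLength="128" />
    </system.web>
  </location>
  <location path="upload.aspx">
    <system.web>
      <httpRuntime maxRequestLength="20480" />
    </system.web>
  </location>
</configuration>"""

def audit_request_limits(config_xml, limit_kb=LIMIT_KB):
    """Return [(scope, effective_kb, ok)] for the site root and each <location>."""
    root = ET.fromstring(config_xml)

    def declared(parent):
        # Value set directly under this scope, or None when the attribute is absent.
        node = parent.find("system.web/httpRuntime")
        raw = node.get("maxRequestLength") if node is not None else None
        return int(raw) if raw is not None else None

    site_kb = declared(root)
    if site_kb is None:
        site_kb = ASPNET_DEFAULT_KB  # nothing set in this file: default applies
    findings = [("(site)", site_kb, site_kb <= limit_kb)]
    for loc in root.findall("location"):
        kb = declared(loc)
        if kb is None:
            kb = site_kb  # a <location> without its own value inherits the site value
        findings.append((loc.get("path", ""), kb, kb <= limit_kb))
    return findings

if __name__ == "__main__":
    for scope, kb, ok in audit_request_limits(SAMPLE_WEB_CONFIG):
        print(f"{scope:12} maxRequestLength={kb:>6} KB  {'ok' if ok else 'REVIEW'}")
```

Scopes flagged `REVIEW` accept requests larger than the threshold. Pages that legitimately need large uploads can keep a higher limit in their own `<location>` block while the rest of the site stays restricted.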