MS.ASP.NET.Encoded.Requests.DoS
Description
This indicates an attack attempt against a Denial of Service vulnerability in ASP.NET when running on IIS.
The vulnerability is caused by an error when ASP.NET does not decrement a counter used to determine how many requests are concurrently being processed. It allows a remote attacker to cause ASP.NET to stop processing requests.
Affected Products
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Service Pack 1
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the patch, available from the web site:
http://www.microsoft.com/technet/security/Bulletin/MS09-036.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |