Intrusion Prevention

MS.ASP.NET.Encoded.Requests.DoS

Description

This indicates an attack attempt against a Denial of Service vulnerability in ASP.NET when running on IIS.
The vulnerability is caused by an error when ASP.NET does not decrement a counter used to determine how many requests are concurrently being processed. It allows a remote attacker to cause ASP.NET to stop processing requests.

Affected Products

Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Service Pack 1

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the patch, available from the web site:
http://www.microsoft.com/technet/security/Bulletin/MS09-036.mspx

CVE References

CVE-2009-1536