Intrusion Prevention



This indicates an attack attempt against a Denial of Service vulnerability in ASP.NET when running on IIS.
The vulnerability is caused by an error when ASP.NET does not decrement a counter used to determine how many requests are concurrently being processed. It allows a remote attacker to cause ASP.NET to stop processing requests.

Affected Products

Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Service Pack 1


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the patch, available from the web site:

CVE References