Windows : Microsoft Bulletins : Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.801482

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS09-036.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-036.

Vulnerability Insight:
The flaws is caused by caused by an error in ASP.NET when managing request
scheduling, which could allow attackers to create specially crafted anonymous
HTTP requests and cause the web server with ASP.NET in integrated mode to
become non-responsive.

Vulnerability Impact:
Successful exploitation will allow remote attackers to cause the application
pool on the affected web server to become unresponsive, denying service to
legitimate users.

Affected Software/OS:
- Microsoft .NET Framework 3.5/SP 1

- Microsoft .NET Framework 2.0 SP 1/SP 2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:N/A:P

Querverweis: BugTraq ID: 35985
Common Vulnerability Exposure (CVE) ID: CVE-2009-1536
http://www.securityfocus.com/bid/35985
Cert/CC Advisory: TA09-223A
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx
Microsoft Security Bulletin: MS09-036
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036
http://osvdb.org/56905
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393
http://www.securitytracker.com/id?1022715
http://secunia.com/advisories/36127
http://www.vupen.com/english/advisories/2009/2231

Copyright Copyright (c) 2010 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.801482
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS09-036.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-036. Vulnerability Insight: The flaws is caused by caused by an error in ASP.NET when managing request scheduling, which could allow attackers to create specially crafted anonymous HTTP requests and cause the web server with ASP.NET in integrated mode to become non-responsive. Vulnerability Impact: Successful exploitation will allow remote attackers to cause the application pool on the affected web server to become unresponsive, denying service to legitimate users. Affected Software/OS: - Microsoft .NET Framework 3.5/SP 1 - Microsoft .NET Framework 2.0 SP 1/SP 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Querverweis:	BugTraq ID: 35985 Common Vulnerability Exposure (CVE) ID: CVE-2009-1536 http://www.securityfocus.com/bid/35985 Cert/CC Advisory: TA09-223A http://www.us-cert.gov/cas/techalerts/TA09-223A.html http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx Microsoft Security Bulletin: MS09-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036 http://osvdb.org/56905 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393 http://www.securitytracker.com/id?1022715 http://secunia.com/advisories/36127 http://www.vupen.com/english/advisories/2009/2231
Copyright	Copyright (c) 2010 Greenbone Networks GmbH