Home

CVE-2009-1536

Description

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka Remote Unauthenticated Denial of Service in ASP.NET Vulnerability.

Risk Information

Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
53.089

Associated Vulnerability

VulnerabilityOS Platform
Microsoft .NET Framework 2.0 Service Pack 1 ASP.NET Security Update for Windows Vista(KB972591) x86 based systemsWindows
Microsoft .NET Framework 2.0 Service Pack 2 ASP.NET Security Update for Windows Vista(KB972592) x86 based systemsWindows
Microsoft .NET Framework 2.0 Service Pack 1 ASP.NET Security Update for Windows Vista Service Pack 1 and Windows Server 2008Windows
Microsoft .NET Framework 2.0 Service Pack 1 ASP.NET Security Update for Windows Vista Service Pack 1 and Windows Server 2008(KB972594) x86 based systemsWindows
Microsoft .NET Framework 2.0 Service Pack 1 ASP.NET Security Update for Windows Vista(KB972591) x64 bases systemsWindows
Microsoft .NET Framework 2.0 Service Pack 2 ASP.NET Security Update for Windows Vista(KB972592) x64 bases systemsWindows
Microsoft .NET Framework 2.0 Service Pack 1 ASP.NET Security Update for Windows Vista Service Pack 1 and Windows Server 2008(KB972593) x64 bases systemsWindows
Microsoft .NET Framework 2.0 Service Pack 2 ASP.NET Security Update for Windows Vista Service Pack 1 and Windows Server 2008Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-7300Microsoft .NET Framework 2.0 Service Pack 1 ASP.NET Security Update for Windows Vista Service Pack 1 and Windows Server 2008

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234