CVE-2014-4072
Description
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka .NET Framework Denial of Service Vulnerability.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
39.634
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack 2 (KB2972207) | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 (KB2972214) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 (KB2972214) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2003 (KB2973115) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2003 (KB2973115) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2972215) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2972215) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2974268) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2974268) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2974269) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2974269) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2972216) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2972216) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2972211) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2972211) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2973112) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2973112) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2972212) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2972212) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2973113) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2973113) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2977766) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2977766) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2972213) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2972213) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2973114) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2973114) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2977765) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2977765) x64 bases systems | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-16133 | Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack 2 (KB2972207) |
| PATCH-16134 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 (KB2972214) |
| PATCH-16135 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 (KB2972214) |
| PATCH-16136 | Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2003 (KB2973115) |
| PATCH-16137 | Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2003 (KB2973115) |
| PATCH-16138 | Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2972215) |
| PATCH-16139 | Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2972215) |
| PATCH-16140 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2974268) |
| PATCH-16141 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2974268) |
| PATCH-16144 | Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2972216) |
| PATCH-16145 | Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2972216) |
| PATCH-16146 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2972211) |
| PATCH-16147 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2972211) |
| PATCH-16148 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2973112) |
| PATCH-16149 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2973112) |
| PATCH-16150 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2972212) |
| PATCH-16152 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2973113) |
| PATCH-16153 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2973113) |
| PATCH-16154 | Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2977766) |
| PATCH-16155 | Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2977766) |
| PATCH-16156 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2972213) |
| PATCH-16157 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2972213) |
| PATCH-16158 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2973114) |
| PATCH-16159 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2973114) |
| PATCH-16160 | Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1 (KB2977765) |
| PATCH-16161 | Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2977765) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234