Release DateJan 05, 2012 |
Severityhigh |
ImpactDenial of Service: Remote attackers can crash vulnerable systems. |
DescriptionThis indicates an attack attempt against a Denial of Service vulnerability in Microsoft ASP.NET.The vulnerability is caused by an error when the vulnerable software handles overly large HTTP POST requests. It allows a remote attacker to crash vulnerable systems by sending a crafted http request. |
Affected ProductsWindows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 1.1 Service Pack 1* Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4 |
Recommended ActionsRefer to the vendor's web site for suggested workaround.http://technet.microsoft.com/en-us/security/advisory/2659883 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2011-3414 |
Reference/shttps://github.com/HybrisDisaster/aspHashDoShttp://technet.microsoft.com/en-us/security/advisory/2659883 http://technet.microsoft.com/en-us/security/bulletin/MS11-100.mspx (MS-ID) |
