MS.ASP.NET.ViewState.DoS
Description
This indicates an attack attempt against a denial-of-service vulnerability in Microsoft ASP.NET Framework version 1.x.
The vulnerability exists in the VIEWSTATE functionality if SHA1 integrity checking is disabled. A remote attacker may exploit this by sending a request with a malformed "_VIEWSTATE" attribute, causing a denial-of-service condition.
Affected Products
ASP.NET 1.x
Impact
Denial of service
Recommended Actions
Enable SHA1 integrity checking and use extra security precautions to ensure that input is properly validated.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |