MS.ASP.NET.ViewState.DoS

description-logoDescription

This indicates an attack attempt against a denial-of-service vulnerability in Microsoft ASP.NET Framework version 1.x.
The vulnerability exists in the VIEWSTATE functionality if SHA1 integrity checking is disabled. A remote attacker may exploit this by sending a request with a malformed "_VIEWSTATE" attribute, causing a denial-of-service condition.

affected-products-logoAffected Products

ASP.NET 1.x

Impact logoImpact

Denial of service

recomended-action-logoRecommended Actions

Enable SHA1 integrity checking and use extra security precautions to ensure that input is properly validated.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)