CVE-2009-1536

Published: Aug 12, 2009Modified: Apr 23, 2026

2.6

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability: 4.9 / Impact: 2.9

Source: NVD

Description

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

Affected (7)

Products: Microsoft: .net Framework, Windows Server 2008, Windows Vista

3 products

Windows Server 2008

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft .net Framework	Version 2.0 sp1
Microsoft .net Framework	Version 2.0 sp2
Microsoft .net Framework	Version 3.5
Microsoft .net Framework	Version 3.5 sp1
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx

Source: secure@microsoft.com

Vendor Advisory

http://osvdb.org/56905

Source: secure@microsoft.com

Broken Link

http://secunia.com/advisories/36127

Source: secure@microsoft.com

Third Party Advisory

http://www.securityfocus.com/bid/35985

Source: secure@microsoft.com

PatchThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022715

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2009/2231

Source: secure@microsoft.com

Permissions RequiredThird Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393

Source: secure@microsoft.com

Third Party Advisory

http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://osvdb.org/56905

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/36127

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/35985

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022715

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2009/2231

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.