Test ID:	1.3.6.1.4.1.25623.1.0.801482
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Windows ASP.NET Denial of Service Vulnerability (970957)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS09-036.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-036. Vulnerability Insight: The flaws is caused by caused by an error in ASP.NET when managing request scheduling, which could allow attackers to create specially crafted anonymous HTTP requests and cause the web server with ASP.NET in integrated mode to become non-responsive. Vulnerability Impact: Successful exploitation will allow remote attackers to cause the application pool on the affected web server to become unresponsive, denying service to legitimate users. Affected Software/OS: - Microsoft .NET Framework 3.5/SP 1 - Microsoft .NET Framework 2.0 SP 1/SP 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1536 BugTraq ID: 35985 http://www.securityfocus.com/bid/35985 Cert/CC Advisory: TA09-223A http://www.us-cert.gov/cas/techalerts/TA09-223A.html http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx Microsoft Security Bulletin: MS09-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036 http://osvdb.org/56905 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393 http://www.securitytracker.com/id?1022715 http://secunia.com/advisories/36127 http://www.vupen.com/english/advisories/2009/2231
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.