SERVER-IIS -- Snort has detected traffic exploiting vulnerabilities in Microsoft IIS Web Servers.
SERVER-IIS Microsoft ASP.NET bad request denial of service attempt
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." Impact: CVSS base score 2.6 CVSS impact score 2.9 CVSS exploitability score 4.9 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE Details: Ease of Attack:
This rule will alert when known malicious patterns of traffic that could cause a denial of service of the affected software are seen.
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
CVE-2009-1536 |
Loading description
|
Tactic: Impact
Technique: Network Denial of Service
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org