CVE-2011-3414

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 1.1 SP1 through 4.0

Description A denial of service issue exists due to the way ASP.NET Framework handles specially crafted requests, causing a hash collision. This allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. An attacker who successfully exploited this issue could send a small number of specially crafted requests to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition.

Recommendations For Microsoft .NET Framework versions 1.1 SP1 through 4.0, consider restricting the ability to trigger hash collisions predictably in the CaseInsensitiveHashProvider.getHashCode function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.