CVE-2014-0253

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 1.1 SP1 through 4.5.1

Description The issue allows remote attackers to cause a denial of service, resulting in an ASP.NET daemon hang, via crafted HTTP requests that trigger persistent resource consumption for a stale or closed connection. This has been exploited in the wild. The problem exists in Microsoft ASP.NET and could allow an attacker to cause an ASP.NET server to become unresponsive.

Recommendations For Microsoft .NET Framework versions 1.1 SP1 through 4.5.1, consider restricting access to the ASP.NET service to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the ASP.NET daemon to prevent the denial of service condition. Avoid using crafted HTTP requests that could trigger persistent resource consumption for a stale or closed connection until the issue is resolved.