ID: IRCNE2011121356
Date: 2011-12-31
According to "techworld", Microsoft has issued an out-of-band fix for a vulnerability in its ASP.NET web platform that could allow an attacker to launch a successful DoS attack on a server using a nothing more sophisticated than a stream of 100kb files.
An attacker exploiting Security Advisory 2659883, rated critical, could exploit a weakness in the way ASP.NET and a number of other web applications including Java and PHP 5 generate hash tables from an HTTP POST request, eating a server CPU’s entire resources for a period of time with a single file.
“An attacker could potentially repeatedly issue such requests, causing performance to degrade significantly enough to cause a denial of service condition for even multi-core servers or clusters of servers.” Microsoft said this week in its advisory.
- 2