Denial of service in Microsoft .NET Framework - CVE-2014-0253
Published: January 19, 2017 / Updated: March 11, 2017
Vulnerability identifier: #VU5042
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-0253
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft .NET Framework
Microsoft .NET Framework
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to the failure to properly identify stale or closed HTTP client connections within Microsoft ASP.NET. By sending a specially crafted HTTP POST request, a remote attacker can cause the server to stop responding.
Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack.
The weakness exists due to the failure to properly identify stale or closed HTTP client connections within Microsoft ASP.NET. By sending a specially crafted HTTP POST request, a remote attacker can cause the server to stop responding.
Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack.
How to mitigate CVE-2014-0253
Install update from vendor's website.