A security vulnerability has been found in the Microsoft .NET Framework software package that allows a remote attacker to carry out a denial-of-service (DoS) attack.
Package:
Microsoft .NET Framework 1.x, Microsoft .NET Framework 2.x, Microsoft .NET Framework 3.x, Microsoft .NET Framework 4.x
Operating systems:
Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7
Severity:
3.7
Problem:
error in a software component
Exploitation:
remote
Consequence:
denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2011-3414
Original advisory ID:
SA47323
Source:
Secunia
Problem:
The vulnerability manifests when the ASP.NET component processes specially crafted requests.
Consequence:
This vulnerability allows an attacker to carry out a DoS (Denial of Service) attack.
Solution:
No update that fixes the vulnerability has been released so far. Users will be notified of any changes in a timely manner.
Microsoft ASP.NET Web Form Processing Denial of Service Vulnerability
Secunia Advisory SA47323
Release Date 2011-12-29
Criticality level Less critical
Impact DoS
Where From remote
Solution Status Unpatched
Software:
Microsoft .NET Framework 1.x
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x
CVE Reference(s) CVE-2011-3414
Description
A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within ASP.NET when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in an HTTP POST request.
The vulnerability is reported in Microsoft .NET Framework 1.0 SP3 through Microsoft .NET Framework 4.0.
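Why colliding field names translate into high CPU consumption, as an added example that is not part of the advisory or of ASP.NET: a chained hash table that counts key comparisons while a form's field names are inserted. `toy_hash`, the constructed key sets and the `max_keys` field limit are all assumptions made for the illustration; `toy_hash` is not the .NET string hash.

```python
# Added illustration; toy_hash is a constructed stand-in, not the .NET string hash.

def toy_hash(key):
    """Deliberately weak hash: sum of code points, so reordered keys collide."""
    return sum(map(ord, key))

class CountingTable:
    """Chained hash table that counts key comparisons made on insert."""
    def __init__(self, buckets=1024):
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def put(self, key, value):
        chain = self.buckets[toy_hash(key) % len(self.buckets)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

def insert_cost(keys, max_keys=None):
    """Insert a form's field names into the table; return comparisons spent.
    max_keys is a hypothetical per-request field limit (assumption)."""
    if max_keys is not None and len(keys) > max_keys:
        raise ValueError("form rejected: too many fields")
    table = CountingTable()
    for key in keys:
        table.put(key, "")
    return table.comparisons

def spread_keys(n):
    # Constructed sample: every key lands in its own bucket (n < 1024).
    return ["a" * (i + 1) for i in range(n)]

def colliding_keys(n):
    # Constructed sample: same characters reordered, so toy_hash is identical.
    return ["a" * i + "b" + "a" * (n - 1 - i) for i in range(n)]

if __name__ == "__main__":
    for n in (100, 200, 400):
        print(n, insert_cost(spread_keys(n)), insert_cost(colliding_keys(n)))
```

With n fields in one bucket the table performs n(n-1)/2 comparisons, so doubling the number of fields roughly quadruples the work; a limit on fields per request bounds that worst case.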
Solution
Currently there is no known workaround. Microsoft has identified the root cause of the issue, and has a fix that is currently in the testing process.
Provided and/or discovered by
Alexander Klink, n.runs AG and Julian Wälde, Technische Universität Darmstadt
Original Advisory
Microsoft:
http://technet.microsoft.com/en-us/security/advisory/2659883
n.runs (SA-2011.004):
http://www.nruns.com/_downloads/advisory28122011.pdf