Microsoft Security Advisory (2659883)
Vulnerability in ASP.NET Could Allow Denial of Service
Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft technologies and affect other web service software providers. This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.
CVE Reference: CVE-2011-3414
http://technet.microsoft.com/en-us/security/advisory/2659883
|