QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-0253

Back to search

CVE-2014-0253

Published: Feb 12, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

1029745
vdb-entry
x_refsource_SECTRACK
103162
vdb-entry
x_refsource_OSVDB
65415
vdb-entry
x_refsource_BID
56793
third-party-advisory
x_refsource_SECUNIA
MS14-009
vendor-advisory
x_refsource_MS

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now