CVE-2009-1536
EXPLOITEDMicrosoft .NET Framework 2.0 SP1/SP2 and 3.5 Gold/SP1 - Unauthenticated Denial of Service via Crafted HTTP Requests
Title source: llmExploitation Summary
CVE-2009-1536 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
References (9)
Core 9
Core References
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
Permissions Required, Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2231
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36127
Vendor Advisory x_refsource_misc
http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022715
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/56905
Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35985
Scores
EPSS
0.5132
EPSS Percentile
98.8%
Details
VulnCheck KEV
2009-08-13
CWE
CWE-20
Status
published
Products (4)
microsoft/.net_framework
2.0 sp1 (2 CPE variants)
microsoft/.net_framework
3.5 (2 CPE variants)
microsoft/windows_server_2008
microsoft/windows_vista
(2 CPE variants)
Published
Aug 12, 2009
Tracked Since
Feb 18, 2026