CVE-2014-0253
EXPLOITED IN THE WILDMicrosoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 - Denial of Service via Crafted HTTP Requests
Title source: llmExploitation Summary
CVE-2014-0253 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029745
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/103162
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65415
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56793
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009
Scores
EPSS
0.3870
EPSS Percentile
98.4%
Details
VulnCheck KEV
2014-02-11
InTheWild.io
2018-10-12
CWE
CWE-20
Status
published
Products (7)
microsoft/.net_framework
1.1 sp1
microsoft/.net_framework
2.0 sp2
microsoft/.net_framework
3.5
microsoft/.net_framework
3.5.1
microsoft/.net_framework
4.0
microsoft/.net_framework
4.5
microsoft/.net_framework
4.5.1
Published
Feb 12, 2014
Tracked Since
Feb 18, 2026