CVE-2014-0253

EXPLOITED IN THE WILD

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 - Denial of Service via Crafted HTTP Requests

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2014-0253 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029745
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/103162
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65415
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56793

Scores

EPSS 0.3870
EPSS Percentile 98.4%

Details

VulnCheck KEV 2014-02-11
InTheWild.io 2018-10-12
CWE
CWE-20
Status published
Products (7)
microsoft/.net_framework 1.1 sp1
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.0
microsoft/.net_framework 4.5
microsoft/.net_framework 4.5.1
Published Feb 12, 2014
Tracked Since Feb 18, 2026