CVE-2009-1536

low

Microsoft

CVSS v3 Base Score

2.6

AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS Score

53.1%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

None

Integrity

None

Availability

Published: August 12, 2009 (6119 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

CWE

CWE-20

Affected Products

microsoft .net frameworkmicrosoft windows server 2008microsoft windows vista

References

🔗 blogs.technet.com 🔗 osvdb.org 🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com

CVE-2009-1536

Vulnerability Report

Description

CWE

Affected Products

References