Back to KEVs

CVE-2014-0253

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 03, 2013
Published Date
February 12, 2014
Last Updated
August 06, 2024
Vendor
Microsoft
Product
.NET Framework
Description
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."
Tags
dotnet

CVSS Scores

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploit Status

Exploited in the Wild
Yes (2014-02-12 02:00:00 UTC) Source

References

http://www.securitytracker.com/id/1029745 http://osvdb.org/103162 http://www.securityfocus.com/bid/65415 http://secunia.com/advisories/56793 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009

Known Exploited Vulnerability Information

Source Added Date
CVE 2014-02-12 02:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel