VYPR
Unrated severityNVD Advisory· Published Aug 12, 2009· Updated Jun 16, 2026

CVE-2009-1536

CVE-2009-1536

Description

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
    • (no CPE)range: =2.0 SP1, =2.0 SP2, =3.5 Gold, =3.5 SP1
  • cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
  • Microsoft/Windows2 versions
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.