Unrated severityNVD Advisory· Published Aug 12, 2009· Updated Apr 23, 2026
CVE-2009-1536
CVE-2009-1536
Description
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
Affected products
7cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.securityfocus.com/bid/35985nvdPatchThird Party AdvisoryVDB Entry
- blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspxnvdVendor Advisory
- secunia.com/advisories/36127nvdThird Party Advisory
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA09-223A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2009/2231nvdPermissions RequiredThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393nvdThird Party Advisory
- osvdb.org/56905nvdBroken Link
- docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036nvd
News mentions
0No linked articles in our index yet.