Unrated severityNVD Advisory· Published Aug 12, 2009· Updated Jun 16, 2026
CVE-2009-1536
CVE-2009-1536
Description
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
- (no CPE)range: =2.0 SP1, =2.0 SP2, =3.5 Gold, =3.5 SP1
- cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
9- www.securityfocus.com/bid/35985nvdPatchThird Party AdvisoryVDB Entry
- blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspxnvdVendor Advisory
- secunia.com/advisories/36127nvdThird Party Advisory
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA09-223A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2009/2231nvdPermissions RequiredThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393nvdThird Party Advisory
- osvdb.org/56905nvdBroken Link
- docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036nvd
News mentions
0No linked articles in our index yet.