ASP.NET DoS Vulnerability

by Quoc L
A recently discovered vulnerability in ASP.NET lets an attacker overload a CPU core with HTTP requests. A single specially crafted ~100kb HTTP request consumes 100% of a core's processing power, and sending such requests multiple times can easily clog up server resources. The vulnerability, tracked as CVE-2011-3414, was first identified at the Chaos Communication Congress. Later, a user on GitHub (an open source community) called HybrisDisaster released actual proof of this exploit.

Sharing this information is important to our class because we can't all be 100% certain our code is going to be perfect. By having a backup plan in case an event like this happens, we can respond to these problems immediately. Another reason is that by turning to other people, we can find bugs and errors more quickly because of the additional workforce (even though they are unpaid).

I found this article interesting because of its use of outside help. Using the Chaos Communication Congress, MS can quickly discover and fix this error before hackers can. It is also interesting to note the public release of this exploit on GitHub. This release most likely caused MS to perform an unscheduled patch for ASP.NET.


Constantin, L. (2012, January 10). Attack code published for serious DoS vulnerability. Retrieved from