ASP.NET DoS Vulnerability

by Mike Y
Microsoft has patched CVE-2011-3414, a vulnerability in its ASP.NET web development platform. The “vulnerability could allow an anonymous attacker to efficiently consume all CPU resources on a web server, or even on a cluster of web servers,” according to Suha Can and Jonathan Ness, engineers at the Microsoft Security Response Center. An anonymous user, HybrisDisaster, “published a proof-of-concept (PoC) exploit for the ASP.NET vulnerability on GitHub.”

This is relevant to the class topic because many people use ASP.NET to develop their websites. I feel that Microsoft has a good response time, as an out-of-band patch was released relatively quickly. The article stated that “a single specially crafted ~100kb HTTP request can consume 100% of one CPU core for between 90 — 110 seconds.” Good coding practices should make these types of attacks less likely, even though good coding practices can’t stop exploits.

ASP.NET has about 21% of the market share, according to w3techs.com. The vulnerability can affect many sites since so many people use it. Although Microsoft responds quickly, I’m sure many people do not update their sites using ASP.NET as frequently as they should. Hackers like HybrisDisaster can exploit such vulnerabilities to take down sites or spread viruses.

 

Constantin, L. (2012, January 10). Attack code published for serious ASP.NET DoS vulnerability. PCWorld. Retrieved from http://www.pcworld.com/businesscenter/article/247731/attack_code_published_for_serious_aspnet_dos_vulnerability.html

 

Usage statistics and market share of ASP.NET for websites. (n.d.). Retrieved from http://w3techs.com/technologies/details/pl-aspnet/all/all

1 thought on “ASP.NET DoS Vulnerability”

  1. Great article and kudos to Micro$oft for patching the exploit early to prevent things from getting out of hand. I think that it would be better if a lot of websites migrate their services to the cloud. There have been a lot of services that will monitor your application's productivity and scale them to meet the traffic demands. It will be much easier to know if the site is being exploited because the monitoring service would automatically let us know.
