Vulnerability Details: CVE-2014-0253
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2014-0253
- cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
Threat overview for CVE-2014-0253
- Top open port discovered on systems with this issue: 443
- IPs affected by CVE-2014-0253: 66,237
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-0253
- 11.48%: probability of exploitation activity in the next 30 days
- ~95%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0253
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-0253
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0253
- http://www.securitytracker.com/id/1029745
  Microsoft .NET Bugs Lets Remote Users Execute Arbitrary Code and Deny Service - SecurityTracker
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009
  Microsoft Security Bulletin MS14-009 - Important | Microsoft Docs
- http://www.securityfocus.com/bid/65415
  Microsoft .NET Framework CVE-2014-0253 Remote Denial of Service Vulnerability
- http://secunia.com/advisories/56793
- http://osvdb.org/103162