Microsoft ASP.NET Web Services XML Parsing Lets Remote Users Consume CPU Resources With SOAP Requests
SecurityTracker Alert ID: 1008428
Date: Dec 10 2003
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): .NET 1.0, 1.1
Description: A vulnerability was reported in Microsoft's ASP.NET web services. A remote user can submit an XML SOAP request to cause the target service to consume excessive CPU resources.
Sanctum reported that if the SOAP request includes specially crafted XML attributes, the target XML parser may consume all available CPU resources for an extended period of time (from several seconds to minutes).
The vendor was reportedly notified on August 28, 2003.
Impact: A remote user can cause the target system to consume excessive CPU resources for a temporary period of time.
Solution: Microsoft has issued Knowledge Base Article 832878 describing how to limit the impact of this security issue:
http://support.microsoft.com/default.aspx?kbid=832878
Vendor URL: support.microsoft.com/default.aspx?kbid=832878
Cause: Input validation error
Underlying OS: Windows (Any)
Reported By: Amit Klein
http://www.securitytracker.com/alerts/2003/Dec/1008428.html
--
Donna
Online Security Tools

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic