

Vulnerability in Microsoft's ASP.NET web services

Dec 9, 2003 11:25PM PST

Microsoft ASP.NET Web Services XML Parsing Lets Remote Users Consume CPU Resources With SOAP Requests

SecurityTracker Alert ID: 1008428
Date: Dec 10 2003
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): .NET 1.0, 1.1

Description: A vulnerability was reported in Microsoft's ASP.NET web services. A remote user can submit an XML SOAP request to cause the target service to consume excessive CPU resources.

Sanctum reported that if the SOAP request includes specially crafted XML attributes, the target XML parser may consume all available CPU resources for an extended period of time (from several seconds to minutes).

The vendor was reportedly notified on August 28, 2003.

Impact: A remote user can cause the target system to consume excessive CPU resources for a temporary period of time.

Solution: Microsoft has issued Knowledge Base Article 832878 describing how to limit the impact of this security issue:

http://support.microsoft.com/default.aspx?kbid=832878

Vendor URL: support.microsoft.com/default.aspx?kbid=832878
Cause: Input validation error
Underlying OS: Windows (Any)
Reported By: Amit Klein

http://www.securitytracker.com/alerts/2003/Dec/1008428.html


--
Donna
Online Security Tools
