⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2014-0253Improper Input Validation in Microsoft NET Framework

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
22.4%
top 4.16%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Microsoft NET Framework
Timeline
PublishedFeb 12
Latest updateMay 14

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/net_framework7 versions+6

🔴Vulnerability Details

3
GHSA
GHSA-63vf-8cxj-r6hq: Microsoft2022-05-14
CVEList
CVE-2014-0253: Microsoft2014-02-12
VulnCheck
Microsoft .NET Framework Improper Input Validation2014
CVE-2014-0253 — Improper Input Validation in Microsoft | cvebase