CVE-2014-4072 — Microsoft NET Framework vulnerability

CWE-3993 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

39.6%

top 2.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET Framework

Timeline

PublishedSep 10

Latest updateMay 14

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/net_framework9 versions+8

🔴Vulnerability Details

GHSA

GHSA-mf5r-75x7-f326: Microsoft↗2022-05-14

▶

CVEList

CVE-2014-4072: Microsoft↗2014-09-10

▶