Recently Disclosed ASP.Net Vulnerability Gets Expected Attack Code

In December 2011, at the 28th Annual Chaos Communication Congress, a vulnerability known as CVE-2011-3414 was disclosed to the public. It didn’t take long for the Microsoft Security Response Center to release a security advisory and a patch to correct the issue. Despite this, a user known only as HybrisDisaster published a proof-of-concept exploit taking advantage of the vulnerability on January 6th.

Though the vulnerability affects other web platforms, on ASP.Net it is described as giving “a specially crafted ~100kb HTTP request [the ability to] consume 100 percent of one CPU core for between 90 and 110 seconds” by Suha Can and Jonathan Ness of the Microsoft Security Response Center. By repeating these requests, a user could mount a DoS attack on even a cluster of multi-core servers.

HybrisDisaster, alluding to membership in Anonymous, released the code, telling the public to “use it your own way.” The release was expected, of course, as Can and Ness stated in December, “We anticipate the imminent public release of exploit code.” Anyone who maintains an ASP.Net application should deploy the patches in Microsoft’s MS11-100 security bulletin.

Trevor Boland
About Trevor Boland
Trevor is a staff writer for the iEntry Network.
