Microsoft Windows Patterns & Practices EntLib DOS Vulnerability Network Vulnerability

Summary

This host has Microsoft Windows Patterns & Practices Enterprise Library installed and is prone to Denial of Service vulnerability.

Impact

Successful attack could allow attackers to crash application or CPU consumption and to cause denial of service. Impact Level: Application

Solution

Upgrade to Microsoft Windows Patterns & Practices Enterprise Library 5.0 or later. For updates refer to http://www.codeplex.com/entlib

Insight

An error occurs in Blocks/Common/Src/Configuration/Manageability/Adm/ AdmContentBuilder.cs while processing an input string composed of many '\' ie backslash characters followed by a double quote related to a certain regular expression.

Affected

Microsoft Windows Patterns & Practices Enterprise Library 3.1, 4.0 and 4.1

References

http://www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdf
http://www.securityfocus.com/archive/1/506453/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3275
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari Denial Of Service Vulnerability - Jul09
Apple iTunes Multiple Vulnerabilities
ClamAV Invalid Memory Access Denial Of Service Vulnerability
Asterisk T.38 Negotiation Remote Denial Of Service Vulnerability
eZ/eZphotoshare Denial of Service

Take action and discover your vulnerabilities