Check Point Advisories

Invalid IIS ASP.Net URI Character Request (CVE-2009-1536)

Vulnerability
Protection

Check Point Reference:	SBP-2009-15
Date Published:	11 Aug 2009
Severity:	Critical
Last Updated:	Thursday 14 January, 2016
Source:
Industry Reference:	CVE-2009-1536
Protection Provided by:	Security Gateway R81, R80, R77, R75, R71, R70, R65
Who is Vulnerable?
Vulnerability Description	A denial of service vulnerability has been reported in ASP.NET. ASP.NET is a collection of technologies within the.NET Framework that enable developers to build Web applications and XML Web Services. A remote attacker may exploit this issue to cause a vulnerable server to become non-responsive. This vulnerability is due to an error in ASP.NET that fails to correctly manage request scheduling. An attacker could exploit this vulnerability by creating a specially crafted series of anonymous HTTP requests to an affected system. Successful exploitation of this vulnerability could cause the application pool on the affected Web server to become non-responsive. As a result, Web pages that use ASP.NET in the same application pool would no longer be reachable and would return an HTTP error.

Protection Overview

This protection will detect and block IIS ASP.Net requests with invalid characters in the URI.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70 / R65

In the IPS tab, click Protections and find the Invalid IIS ASP.Net URI Character Request protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Server Enforcement Violation.
Attack Information: Invalid IIS ASP.Net URI character request