In addition to the ASP.NET hash collision Denial of Service attack, Microsoft patches 3 more vulnerabilities resulting in an Aggregate Severity Rating that is Critical.
This is a summary of the vulnerabilities. Please read the full MS11-100 bulletin for more details and how to download and install the patches.
| Vulnerability Severity Rating | Maximum Security Impact | Affected Software | CVE ID |
| Important | Denial of Service | Collisions in HashTable May Cause DoS Vulnerability | CVE-2011-3414 |
| N/A or Moderate | N/A or Spoofing | Insecure Redirect in .NET Form Authentication Vulnerability | CVE-2011-3415 |
| Critical | Elevation of Privilege | ASP.Net Forms Authentication Bypass Vulnerability | CVE-2011-3416 |
| Important | Elevation of Privilege | ASP.NET Forms Authentication Ticket Caching Vulnerability | CVE-2011-3417 |
The CVE-2011-3415 is N/A in .NET 1.1, and Moderate in all other .NET versions.
–jeroen
Filed under: .NET, ASP.NET, C#, Development, Software Development, VB.NET, Visual Studio and tools Tagged: denial of service attack, dos vulnerability, hash collision, microsoft patches, microsoft security bulletin, severity rating
