New exploit for recently patched Windows Web Server leak

There is a new exploit for a recently patched Windows Web Server leak. It’s about the hash collision DoS vulnerability in ASP.NET. By sending a special prepared HTTP request, the attacker is able to make the web server use 100% of its CPU.

More information can be found here:

http://blog.spiderlabs.com/2012/01/modsecurity-mitigations-for-aspnet-hashtable-dos-vulnerability-cve-2011-3414.html

Exploit can be found here:

https://github.com/HybrisDisaster/aspHashDoS