The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
Software | From | Fixed in |
---|---|---|
microsoft / asp.net | 1.0 | 1.0.x |
microsoft / asp.net | 1.1 | 1.1.x |