Microsoft Patch: MS11-100:
Security Update for the .NET Framework 4 released December 29, 2011
This bulletin fixes the DOS attack vector by providing a limit to the number of variables that can be submitted for a single HTTP POST request. The default limit is 500 which should be enough for normal web applications, but still low enough to neutralize the attack. This addresses the most obvious attack method immediately and leaves the reimplementation of the hash function for a future update. Overall the bulletin addresses four issues: one critical, two important (one of them the DOS issue).
Rollback the Microsoft security update or
Add the following setting key to the web-config files to overcome this limitation. Note: this is an example to increase it to 2000.
<add key="aspnet:MaxHttpCollectionKeys" value="2000" />