CVE-2006-1364

HIGH

ASP.NET < 1.1 - Denial of Service via COM Component Requests

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1364. PoCs published by Debasis Mohanty.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in ASP.NET applications by sending multiple HTTP requests to restricted resources. It repeatedly requests sensitive files and COM component references to exhaust server resources.

Description

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Debasis Mohanty · cdoswindows

https://www.exploit-db.com/exploits/1601

View Code ZIP pw:eip

This exploit targets a denial-of-service (DoS) vulnerability in ASP.NET applications by sending multiple HTTP requests to restricted resources. It repeatedly requests sensitive files and COM component references to exhaust server resources.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft ASP.NET (versions affected by CVE-2006-1364)

No auth needed

Prerequisites: Network access to the target web server · Target running vulnerable ASP.NET application

MITRE ATT&CK