CVE-2006-1364

HIGH

Microsoft w3wp - DoS

Title source: llm

Description

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Debasis Mohanty · cdoswindows

https://www.exploit-db.com/exploits/1601

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/428622/100/0/threaded

[Broken Link, Third Party Advisory] http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015825

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17188

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25392

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/1601

[Exploit, Third Party Advisory] http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html

[Third Party Advisory] http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html

[Third Party Advisory] http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html

Scores

CVSS v3 7.5

EPSS 0.2394

EPSS Percentile 96.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (2)

microsoft/asp.net 1.1 sp1

microsoft/asp.net < 1.1

Published Mar 23, 2006

Tracked Since Feb 18, 2026