7.8
CVE-2006-1364
- EPSS 58.74%
- Veröffentlicht 23.03.2006 11:06:00
- Zuletzt bearbeitet 16.06.2026 22:22:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 58.74% | 0.99 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html
http://securitytracker.com/id?1015825
http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html
http://www.securityfocus.com/archive/1/428622/100/0/threaded
http://www.securityfocus.com/bid/17188
https://exchange.xforce.ibmcloud.com/vulnerabilities/25392
https://www.exploit-db.com/exploits/1601