7.8

CVE-2006-1364

Exploit
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftAsp.Net Version <= 1.1
MicrosoftAsp.Net Version1.1 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 58.74% 0.99
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip
Third Party Advisory
Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html
Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html
Third Party Advisory
http://securitytracker.com/id?1015825
Third Party Advisory
VDB Entry
http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html
Third Party Advisory
Exploit
http://www.securityfocus.com/archive/1/428622/100/0/threaded
http://www.securityfocus.com/bid/17188
Third Party Advisory
Exploit
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/25392
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/1601
Third Party Advisory
Exploit
VDB Entry