Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1364

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-1364
Last Modified 05 Sep 2008 05:01:43
Published 23 Mar 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1364

Summary

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Vulnerable Systems

Application

  • Microsoft Asp.net

  • Microsoft Asp.net 1.0

  • Microsoft Asp.net 1.1


References

BID - 17188

MISC - http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html

MILW0RM - 1601

MISC - http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip

XF - ms-aspnet-w3wp-dos(25392)

BUGTRAQ - 20060322 w3wp remote DoS

SECTRACK - 1015825

FULLDISC - 20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET


Last Updated: 27 May 2016 10:42:02