Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1364


Vulnerability Score 7.8 7.8
CVE Id CVE-2006-1364
Last Modified 05 Sep 2008 05:01:43
Published 23 Mar 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Vulnerable Systems


  • Microsoft

  • Microsoft 1.0

  • Microsoft 1.1


BID - 17188


MILW0RM - 1601


XF - ms-aspnet-w3wp-dos(25392)

BUGTRAQ - 20060322 w3wp remote DoS

SECTRACK - 1015825

FULLDISC - 20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET

Last Updated: 27 May 2016 10:42:02