CVE-2006-1364

CVE Database · CVE-2006-1364

CVE-2006-1364

· N/AModified

CVSS v3.1

N/A

EPSS

58.74%

Published

Mar 23, 2006

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBASP.NET w3wp - COM Components Remote Crash TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Weaknesses (CWE)

CWE-400

Affected Products (2)

microsoft · asp.netvulnerable

References (18)

http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip

Broken LinkThird Party Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html

Third Party Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html

Third Party Advisory

http://securitytracker.com/id?1015825

Third Party AdvisoryVDB Entry

http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html

ExploitThird Party Advisory

http://www.securityfocus.com/archive/1/428622/100/0/threaded

KEV Catalog EPSS Scores Vendors All CVEs