CVE-2006-1364 - OpenCVE

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Asp.net

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:asp.net::::::::
	cpe:2.3:a:microsoft:asp.net:1.1:sp1::::::

No data.

References

Link	Providers
http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html
http://securitytracker.com/id?1015825
http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html
http://www.securityfocus.com/archive/1/428622/100/0/threaded
http://www.securityfocus.com/bid/17188
https://exchange.xforce.ibmcloud.com/vulnerabilities/25392
https://www.exploit-db.com/exploits/1601

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-23T11:00:00

Updated: 2024-08-07T17:12:20.929Z

Reserved: 2006-03-23T00:00:00

Link: CVE-2006-1364

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-23T11:06:00.000

Modified: 2018-10-18T16:32:21.777

Link: CVE-2006-1364

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-22T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060322 w3wp remote DoS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"}, {"name": "1015825", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015825"}, {"name": "17188", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17188"}, {"name": "ms-aspnet-w3wp-dos(25392)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"}, {"name": "1601", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/1601"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"}, {"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"}, {"name": "20060322 w3wp remote DoS", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1364", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060322 w3wp remote DoS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"}, {"name": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip", "refsource": "MISC", "url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"}, {"name": "1015825", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015825"}, {"name": "17188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17188"}, {"name": "ms-aspnet-w3wp-dos(25392)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"}, {"name": "1601", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1601"}, {"name": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html", "refsource": "MISC", "url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"}, {"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"}, {"name": "20060322 w3wp remote DoS", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:20.929Z"}, "title": "CVE Program Container", "references": [{"name": "20060322 w3wp remote DoS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"}, {"name": "1015825", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015825"}, {"name": "17188", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17188"}, {"name": "ms-aspnet-w3wp-dos(25392)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"}, {"name": "1601", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/1601"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"}, {"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"}, {"name": "20060322 w3wp remote DoS", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1364", "datePublished": "2006-03-23T11:00:00", "dateReserved": "2006-03-23T00:00:00", "dateUpdated": "2024-08-07T17:12:20.929Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B666A98-0AC9-41D5-AB92-226BB6BC4681", "versionEndIncluding": "1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "CC441C4B-3A1E-4709-8601-44477A6D5FA0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path."}], "id": "CVE-2006-1364", "lastModified": "2018-10-18T16:32:21.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2006-03-23T11:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1015825"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/17188"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/1601"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}