High severity7.5NVD Advisory· Published Mar 23, 2006· Updated Apr 16, 2026

CVE-2006-1364

Description

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Affected products

Microsoft/Asp.net2 versions
cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*range: <=1.1
- cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securiteam.com/windowsntfocus/5KP0O0KI0Y.htmlnvdExploitThird Party Advisory
www.securityfocus.com/bid/17188nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/1601nvdExploitThird Party AdvisoryVDB Entry
hackingspirits.com/vuln-rnd/w3wp-remote-dos.zipnvdBroken LinkThird Party Advisory
lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.htmlnvdThird Party Advisory
lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.htmlnvdThird Party Advisory
securitytracker.com/idnvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/25392nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/428622/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.019
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000