CVE-2006-1364
35Vexday Risk Score
Sin señal de explotación. Ella tiene prueba de concepto pública.
ssvc Attendepss 56%
probabilidad de explotación
56%top 1% de las CVE
explotación observada
noninguna fuente lo reporta
1 exploit(s) público(s)
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
cve_referencewww.exploit-db.com/exploits/1601no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.ziphttp://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.htmlhttp://securitytracker.com/id?1015825https://exchange.xforce.ibmcloud.com/vulnerabilities/25392https://www.exploit-db.com/exploits/1601http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.htmlhttp://www.securityfocus.com/archive/1/428622/100/0/threadedhttp://www.securityfocus.com/bid/17188