New Search

IIS AddHeader Large Header Denial of Service

oval:org.mitre.oval:def:373

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2003-0225
Product(s):
  • Microsoft Internet Information Server (IIS)