Denial of Service Vulnerability in Response.AddHeader Function in IIS 4.0 and 5.0

Denial of Service Vulnerability in Response.AddHeader Function in IIS 4.0 and 5.0

CVE-2003-0225 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

Learn more about our Cis Benchmark Audit For Microsoft Iis.