Denial of Service Vulnerability in Microsoft Internet Information Server (IIS) 4.0 and 5.0
CVE-2003-0225

Currently unrated

Key Information:

Vendor: Microsoft
CVE Published: 9 June 2003

Summary

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) versions 4.0 and 5.0 lacks proper controls on memory allocation for header construction. This flaw enables remote attackers to exploit the server by sending a specially crafted request that generates excessively large headers. The resulting memory consumption can lead to denial of service, as the server becomes unresponsive due to resource exhaustion. Implementing security measures and updates is crucial to mitigating this vulnerability and ensuring system stability.

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
