Description

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

Remediation

References

CVE-2003-0225

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2006-5361)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.11)

MySQL CVE-2017-3639 Vulnerability (CVE-2017-3639)

Jboss EAP Improper Authentication Vulnerability (CVE-2012-0874)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11584)

Severity

Medium

Classification

CVE-2003-0225

Tags

Missing Update Known Vulnerabilities