Description

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

Remediation

References

CVE-2003-0225

Related Vulnerabilities

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3)

Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630)

Oracle Application Server Other Vulnerability (CVE-2007-3859)

WordPress Plugin Better Search Replace Cross-Site Request Forgery (1.3.2)

WordPress Plugin Theme My Login Local File Inclusion (6.3.9)

Severity

Medium

Classification

CVE-2003-0225

Tags

Missing Update Known Vulnerabilities