CVE-1999-1537

Name of the Vulnerable Software and Affected Versions: IIS versions 3.x through 4.x

Description: The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, by sending SSL requests to the HTTPS port for files that normally do not require encryption. This causes the software to perform extra work to send these files over SSL.

Recommendations: For IIS versions 3.x through 4.x, consider restricting access to the HTTPS port for files that do not require encryption as a temporary workaround to minimize the risk of exploitation.