CVE-2002-1908

Name of the Vulnerable Software and Affected Versions Microsoft IIS versions 5.0 through 5.1

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending an HTTP request with a Host header containing a large number of "/" (forward slash) characters.

Recommendations For Microsoft IIS versions 5.0 through 5.1, consider restricting access to the HTTP request handler to minimize the risk of exploitation. As a temporary workaround, limit the size of the Host header to prevent excessive CPU consumption.