CVE-2003-0225

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Server (IIS) versions 4.0 through 5.0

Description: The issue concerns the ASP function Response.AddHeader in Microsoft Internet Information Server, which does not limit memory requests when constructing headers. This allows remote attackers to generate a large header, causing a denial of service due to memory consumption with an ASP page.

Recommendations: For Microsoft Internet Information Server (IIS) versions 4.0 through 5.0, consider restricting access to ASP pages until a fix is available. As a temporary workaround, limit the size of headers that can be added by the Response.AddHeader function to prevent excessive memory consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.