Oval Definition:	oval:org.mitre.oval:def:373
Revision Date: 2011-05-16 Version: 19 Title: IIS AddHeader Large Header Denial of Service Description: The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2003-0225 Platform(s): Microsoft Windows 2000 Product(s): Microsoft Internet Information Server (IIS) Definition Synopsis IIS major version equals 5 AND IIS minor version equals 0 AND File %windir%\system32\inetsrv\asp.dll version is less than 5.0.2195.6672 AND NOT Patch Q811114 Installed AND NOT SP4 or later Installed
BACK