CVE-2003-0225 — MEDIUM severity vulnerability (The ASP function Response.AddHeader in Microsoft Internet In)
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
| CVE ID | CVE-2003-0225 |
|---|---|
| Severity | MEDIUM |
| CVSS score | 5.0 |
| CVSS vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2003-06-09 |
| Last modified | 2026-04-16 |
| Description | The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →