Description
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Royal Gallery Cross-Site Scripting (2.0)
Java Unspesificed Vulnerability (CVE-2019-2684)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3273)
XWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2023-26476)
Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25978)