https://www.exploit-db.com/exploits/19457
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199908-018

IIS4.0存在漏洞，通过错误头HTTP请求可以造成服务拒绝。

Microsoft Commercial Internet System 2.0/2.5,IIS 4.0,Site Server Commerce Edition 3.0 alpha/3.0 i386 Malformed HTTP Request Header DoS

source: http://www.securityfocus.com/bid/579/info

Microsoft IIS and all other products that use the IIS web engine have a vulnerability whereby a flood of specially formed HTTP request headers will make IIS consume all available memory on the server and then hang. IIS activity will be halted until the flood ceases or the service is stopped and restarted. 

Simple play. I sent lots of "Host:aaaaa...aa" to IIS like...

GET / HTTP/1.1
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)
...10,000 lines
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)

I sent twice above request sets. Then somehow victim IIS got memory leak after these requests. Of course, it can not respond any request any more. If you try this, you should see memory increase through performance monitor. You would see memory increase even after those requests finished already. It will stop when you got shortage of virtual memory. After that, you might not be able to restart web service and you would restart computer. I tried this against Japanese and English version of Windows NT.

来源:BID
名称:579
链接:http://www.securityfocus.com/bid/579
来源:MS
名称:MS99-029
链接:http://www.microsoft.com/technet/security/bulletin/ms99-029.mspx
来源:CIAC
名称:J-058
链接:http://www.ciac.org/ciac/bulletins/j-058.shtml
来源:MSKB
名称:Q238349
链接:http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q238349