CVE-1999-1537 - Deranged Morphine


IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files which will cause IIS to perform extra work to send the files over SSL.