CVE-1999-1223
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
Date published : 2002-03-09
http://support.microsoft.com/support/kb/articles/q187/5/03.asp