On Windows 2000 Server, IBM Websphere 4.0.3 doesn't perform proper bounds checks on large HTTP headers. As a result, the application can be crashed by a remote user.
If a request is made for a .jsp ressource (the .jsp file does not need to exist), and the HTTP field "Host" contains 796 characters or more, the web service will crash. Other HTTP fields are also vulnerable if the size is increased to 4K.
For details, click here.